Documentation: Managed Identity client credentials (containerized usage) must use SignedAssertionFilePath, not SignedAssertionFromManagedIdentity #3584

@jmprieur

Description

Documentation related to component

Sidecar, Managed Identity, Workload Identity, AgentID, Managed Identity for containers (AKS, Kubernetes, Docker)

Please check all that apply

  • documentation needs clarification
  • error(s) in the example
  • needs an example

Description of the issue

Current documentation and usage guidelines for managed identity in containerized environments describe using:

- name: AzureAd__ClientCredentials__0__SourceType
  value: "SignedAssertionFromManagedIdentity"

This is not correct for containers (Kubernetes, AKS, Docker, etc.) using Azure AD Workload Identity.

Per the CredentialDescription specification and the latest guidance, client credentials in this scenario should use:

- name: AzureAd__ClientCredentials__0__SourceType
  value: "SignedAssertionFilePath"
- name: AzureAd__ClientCredentials__0__SignedAssertionFilePath
  value: "/var/run/secrets/azure/tokens/azure-identity-token"

Please update the following:

  • Replace or deprecate documented patterns using SignedAssertionFromManagedIdentity for container workload identity scenarios with SignedAssertionFilePath.
  • For managed identity in AKS/containers, document SignedAssertionFilePath as the required parameter, with an example of the projected token file path.
  • Retain SignedAssertionFromManagedIdentity only for classic MSI scenarios (VMs, App Services).
  • Cross-reference the correct CredentialDescription usage: AzureAD/microsoft-identity-abstractions-for-dotnet/docs/credentialdescription.md
  • Confirm and clarify in sidecar/configuration.md, sidecar/scenarios/managed-identity.md, and any scenario or security documentation referencing AKS, Kubernetes, or container deployment.

Context

A repo-wide scrub found that all container-managed identity documentation either leaves out the correct pattern or references SignedAssertionFromManagedIdentity, which is not supported for containers. Correct support requires SignedAssertionFilePath.
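As an added example (not part of the issue above, and not taken from the Microsoft.Identity.Web repository), the following Kubernetes manifest shows the corrected credential configuration in context: the pod opts in to the Azure AD Workload Identity webhook, which mounts the projected service account token at the path referenced by `SignedAssertionFilePath`, and the rejected `SignedAssertionFromManagedIdentity` setting is shown commented out beside it for contrast. The service account name `my-app-sa`, the container image, and the `<client-id>` / `<tenant-id>` placeholders are assumptions for illustration; the `AzureAd__ClientId` and `AzureAd__TenantId` keys are the standard Microsoft.Identity.Web configuration keys and are included because the credential alone is not a complete configuration.

```yaml
# Added example, not code from the original issue or the project docs.
# Assumptions: service account "my-app-sa", the image name, and the
# <client-id>/<tenant-id> placeholders are illustrative.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-app-sa
  annotations:
    # Client ID of the user-assigned managed identity (or app registration)
    # that has a federated identity credential trusting this service account.
    azure.workload.identity/client-id: "<client-id>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
        # Opts the pod in to the workload identity mutating webhook. The webhook
        # injects AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_AUTHORITY_HOST and
        # AZURE_FEDERATED_TOKEN_FILE, and mounts the projected service account
        # token at /var/run/secrets/azure/tokens/azure-identity-token.
        azure.workload.identity/use: "true"
    spec:
      serviceAccountName: my-app-sa
      containers:
        - name: app
          image: example.azurecr.io/my-app:1.0.0   # illustrative image
          env:
            - name: AzureAd__Instance
              value: "https://login.microsoftonline.com/"
            - name: AzureAd__TenantId
              value: "<tenant-id>"
            - name: AzureAd__ClientId
              value: "<client-id>"

            # NOT for containers with workload identity: this source type expects
            # a classic managed identity endpoint (VM / App Service).
            # - name: AzureAd__ClientCredentials__0__SourceType
            #   value: "SignedAssertionFromManagedIdentity"

            # Correct for AKS / Kubernetes / Docker with Azure AD Workload Identity:
            # present the projected federated token file as the client assertion.
            - name: AzureAd__ClientCredentials__0__SourceType
              value: "SignedAssertionFilePath"
            - name: AzureAd__ClientCredentials__0__SignedAssertionFilePath
              value: "/var/run/secrets/azure/tokens/azure-identity-token"
```

A quick sanity check before blaming the library: `kubectl exec deploy/my-app -- cat /var/run/secrets/azure/tokens/azure-identity-token` should print a JWT whose payload has `aud` equal to `api://AzureADTokenExchange`, and the pod should show the injected `AZURE_FEDERATED_TOKEN_FILE` variable pointing at the same path. If the file is absent, the pod was not mutated by the webhook (missing label or a service account without the client-id annotation), and no choice of `SourceType` will fix that.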

Metadata

Assignees

No one assigned

    Labels

    container, documentation, managed identity, sidecar
