Using Azure Managed Identities in applications hosted on Azure VMs?

We have an on-prem solution where a Windows Service (on a Windows Server VM) accesses a SQL Server database on another Windows Server VM. The Windows Service runs under a certain domain user (Log On), Integrated Security is specified in the connection string, and that user has been granted access to the database.

We are now moving this to Azure. How would you set this up?

Is it possible to use Azure Managed Identity in this scenario (a Windows Service on a VM, connecting to a SQL Server database on another VM)? Which user would the Windows Service run under, Local System? And would I specify Managed Identity instead of Integrated Security in the connection string? How would I grant access to the Managed Identity in SQL Server? Would I have to set up RBAC somehow for the Windows Service VM to be able to access the SQL Server VM?

Or am I getting all of this wrong? Would it help if we moved the database from inside a VM to become an Azure SQL Managed Instance or Azure SQL Database?
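The following is an added example, not part of the original question or any answer to it, showing what the managed-identity variant of this setup looks like end to end when the database is an Azure SQL Database or Azure SQL Managed Instance (the case where the target accepts Entra ID tokens natively; SQL Server running inside a VM only accepts them from SQL Server 2022 onward and only when the instance is Azure Arc-enabled). The resource group, VM, server and database names are placeholders. The grant is issued by an Entra admin of the server, and the final connectivity check is run on the application VM itself, where it pulls a token from the Instance Metadata Service (IMDS) exactly as the Windows Service would.

```powershell
# --- 1. Give the application VM a system-assigned managed identity (run from an admin workstation) ---
# Names below are assumed placeholders.
$rg      = 'rg-app'
$vmName  = 'vm-winsvc'
$sqlFqdn = 'sqlsrv-app.database.windows.net'   # Azure SQL Database / Managed Instance endpoint
$dbName  = 'AppDb'

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType SystemAssigned | Out-Null

# The identity's display name in SQL is the VM name; SQL resolves it via the directory.
# --- 2. Create a contained database user for that identity and grant least privilege ---
# Requires the caller to be the server's Entra admin. Token audience for Azure SQL is https://database.windows.net/.
$adminToken = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net').Token

$grantSql = @"
CREATE USER [$vmName] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [$vmName];
ALTER ROLE db_datawriter ADD MEMBER [$vmName];
-- No server login, no db_owner: the service only needs DML on this database.
"@
Invoke-Sqlcmd -ServerInstance $sqlFqdn -Database $dbName -AccessToken $adminToken -Query $grantSql

# --- 3. On the application VM: obtain a token the same way the service would, and verify who SQL sees ---
# The Windows Service can run as Local System or any local account; the token comes from IMDS,
# not from the process's Windows identity, so the service account no longer needs domain rights.
$imds = 'http://169.254.169.254/metadata/identity/oauth2/token' +
        '?api-version=2018-02-01&resource=https://database.windows.net/'
$miToken = (Invoke-RestMethod -Uri $imds -Headers @{ Metadata = 'true' } -Method Get).access_token

Invoke-Sqlcmd -ServerInstance $sqlFqdn -Database $dbName -AccessToken $miToken `
    -Query 'SELECT SUSER_SNAME() AS LoginName, USER_NAME() AS DbUser;'
# Expected: LoginName shows the VM identity, DbUser shows the user created in step 2.

# --- 4. Connection string the service itself would use (Microsoft.Data.SqlClient) ---
# Replaces "Integrated Security=True"; no password, no certificate, no secret on disk.
$connectionString = "Server=tcp:$sqlFqdn,1433;Database=$dbName;" +
                    'Authentication=Active Directory Managed Identity;Encrypt=True;'
Write-Output $connectionString
```

Two points worth keeping in mind with this pattern. The IMDS endpoint is reachable by every process on the VM, so whatever you grant to the VM's identity is effectively granted to the whole VM, not just to the Windows Service; keep the database grant to the minimum the service needs, and use a user-assigned identity if several workloads on the same VM need different access. Azure RBAC is not involved in the data-plane grant at all: RBAC controls who can manage the SQL resource, while access to the database contents is controlled purely by the `CREATE USER ... FROM EXTERNAL PROVIDER` and role membership inside the database.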
