Setting Up Azure DevOps Service Connection with Azure Managed Identity: A Step-by-Step Guide
Adi Iman Zuraidi
Posted on October 18, 2024
I was recently tasked with deploying applications to Azure resources and setting up a CI/CD pipeline in Azure DevOps. A crucial part of this process is creating a Service Connection, which allows Azure DevOps to interact with Azure resources securely.
This tutorial will guide you through the process of setting up a Service Connection in Azure DevOps using Azure Managed Identity. This method enhances security by leveraging Azure's built-in authentication mechanisms, eliminating the need to store sensitive credentials.
By following this guide, you'll learn how to:
- Set up a Service Connection in Azure DevOps
- Configure Azure Managed Identity for use with your Service Connection
Let's begin with the step-by-step process to create your Service Connection and configure the necessary Azure resources.
- Navigate to Project Settings and locate "Service Connections" under the Pipelines section. Click on "New Service Connection".
- From the list of options, select "Azure Resource Manager". Then, choose "Workload Identity Federation (Manual)" as the authentication method. Provide a descriptive name for your Service Connection in the designated field.
- When you proceed to the next step, you will see a form with several fields to complete:
  - Subscription ID
  - Subscription Name
  - Service Principal ID
  - Tenant ID
For the Subscription ID and Subscription Name, you can retrieve these details from the Resource Group information in the Azure Portal:
- Navigate to your Resource Group in the Azure Portal
- Look for the Subscription ID and Subscription Name in the Resource Group's overview section
Set Up Azure Managed Identity for Service Principal ID & Tenant ID
- In the Azure Portal, navigate to Managed Identity > Settings > Federated Credentials. Click on "Add Credential".
- In the "Add Federated Credential" page, locate the "Federated credential scenario" field and select the "Other" option.
- In the "Connect Your Account" section, populate the "Issuer URL" and "Subject Identifier" fields using the data provided in the Azure DevOps Service Connection Setup. Assign a descriptive name to the Federated Credential, then click "Add" to create it.
- After the Federated Credential is successfully saved, return to Managed Identity > Settings > Properties.
- In the Properties section, locate and copy the following data from the Managed Identity to the corresponding fields in the Azure DevOps Service Connection settings:

| Managed Identity Field | Azure DevOps Service Connection Field |
| --- | --- |
| Client Id | Service Principal Id |
| Tenant Id | Tenant Id |

- Click on "Verify and Save". Ensure that the Managed Identity has the appropriate Role Assignments for the Service Connection to function correctly.
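One way to check the result of the steps above, as an added example that is not part of the original post: a small Python audit over JSON exported with `az identity federated-credential list` and `az role assignment list`. The sample data, the function names and the `rg-app` resource group are constructed for illustration.

```python
import json

# Constructed sample input, shaped like the JSON printed by
# `az identity federated-credential list` and `az role assignment list`.
CREDENTIAL = json.loads("""{
  "name": "ado-service-connection",
  "issuer": "https://issuer.example/00000000-0000-0000-0000-000000000000",
  "subject": "sc://example-org/example-project/example-connection"
}""")
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Contributor", "scope": "%s"},
  {"roleDefinitionName": "Website Contributor", "scope": "%s/resourceGroups/rg-app"},
  {"roleDefinitionName": "Owner", "scope": "%s/resourceGroups/rg-app"}
]""" % (SUB, SUB, SUB))

# Built-in roles that can grant access to other principals.
CAN_ASSIGN_ROLES = {"Owner", "User Access Administrator"}

def audit_credential(cred, issuer, subject):
    """Compare the stored credential with the values Azure DevOps displayed."""
    findings = []
    # The comparison is exact on purpose: issuer and subject are matched
    # case-sensitively during token exchange, so "close" is a failure.
    if cred["issuer"] != issuer:
        findings.append("issuer mismatch")
    if cred["subject"] != subject:
        findings.append("subject mismatch")
    return findings

def audit_assignments(assignments, allowed_scope):
    """Flag assignments outside the intended scope or able to grant roles."""
    findings = []
    allowed = allowed_scope.rstrip("/").lower()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"].rstrip("/").lower()
        # Azure resource IDs are case-insensitive, hence the lower().
        inside = scope == allowed or scope.startswith(allowed + "/")
        if not inside:
            findings.append(f"{role}: scope wider than or outside {allowed_scope}")
        if role in CAN_ASSIGN_ROLES:
            findings.append(f"{role}: can grant roles to other principals")
    return findings

if __name__ == "__main__":
    for f in audit_assignments(ASSIGNMENTS, SUB + "/resourceGroups/rg-app"):
        print("FINDING:", f)
```

Pass the Issuer URL and Subject Identifier exactly as the Service Connection form shows them, and set `allowed_scope` to the narrowest scope the pipeline actually deploys to.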
Congratulations! You've now set up a Service Connection in Azure DevOps using Azure Managed Identity. Here's a quick recap:
- You created a Service Connection in Azure DevOps
- You configured Azure Managed Identity for improved security
- Your Azure DevOps project is now linked to Azure resources without storing credentials
Remember to:
- Keep your Service Connection settings up to date
- Ensure your Managed Identity has the right permissions in Azure
- Test your new Service Connection with a simple pipeline
Happy Deploying!