I have a hosted agent VM in a VNET in my Azure subscription that is supposed to do Bicep deployments to my Azure subscription. It is working well.

I am noticing that Microsoft-hosted agents also can deploy resources or do updates in my Azure subscription once they have a valid service connection. The same pipeline can run on both Self-hosted VM agents or Microsoft-hosted agents. This is a concern for our security department. The preference is that no external entity (outside a designated VNET in the subscription) should be able to access the subscription. We want to establish network isolation between subscription and external access, whether a valid service connection is available or not.

CodePudding user response：

If you have private agent you can limit access to your resources by filtering IP address. I don't know your infrstracture so I cannot say preciesly but for App Services of Function App you could use scm restrictions to limits deployments just to your private agent.

You won't be able to establish that on subcription level, but you could try something different. If you host you agent on Azure (vritual machine or scale set), you could use Managed Identity, then you could use this instead of service connection (or try service connection with Managed Identity), and then using Service Connection outside of your agent become pointless.

Please check this tutorial for more details:

If you use the Managed Identity enabled on a (Windows) Virtual Machine in Azure you can only request an Azure AD bearer token from that Virtual Machine, unlike a Service Principal.