I want to use the "ARM template deployment" task in Azure pipelines, and for this, I need to set up a service connection of type "Azure Resource Manager connection". So I head over to the Service connections pane. And it turns out that in order to configure this service connection, one of the authentication methods is using a service principal.

So I'v tried learning a little bit about service principals, and what I've understood so far is as such:

App registration is the process of registering applications which I want to delegate identity and access management to Azure AD for. A service principal is a concrete instantiation of the Application object that I create in my Azure AD tenant.

I didn't yet get my head around all these concepts well enough, but what I don't even start to understand is what does all that have to do with an authentication method for a Azure Resource Manager service connection in Azure DevOps??

Can someone please clear up the fog for me?

CodePudding user response：

1. Azure Devops is not integrated with Azure portal by any means. Also, Azure Devops is not a trusted service even by Microsoft itself.
2. The Service Connection will help you to establish a connection between Azure portal and Azure Devops. Here, the service principal acts like a user account to establish the connection.

CodePudding user response：

First of all, for using the task "ARM template deployment" in Azure DevOps pipeline, this task is used to deploy Azure Resource Manager templates at resource group deployment scope, subscription deployment scope and management group deployment scopes. The task is also used to create or update a resource group in Azure.

And you should select your Azure Resource and specified subscription which are the prerequisites of the task usage, then for connecting to a subscription which is associated with an Azure Active Directory tenant when building pipeline, it is needed to create a Service connection to help work between pipeline and connect to Azure Subscription. For more info, you can refer to doc: Azure DevOps Connection Services. And you should also login authenticate via service principle instead of user, it is just like Azure log in.

Besides, you can also manage your Azure subscriptions at scale with management groups via this doc: Organize subscriptions into management groups and assign roles to users for Microsoft Defender for Cloud | Microsoft Learn .