Azure Dev Ops security architecture connecting to different tenancies/subscriptions

Occasional Visitor

Hi ,

Can someone help me understanding Dev Ops Security Architect connecting to tenancies/subscriptions?

1 Reply



If you need Azure DevOps to connect to the other subscription, you will need a Service Principal account.  This can be created from inside Azure DevOps if you are a user with owner access on the subscription to create a Service Principal or you can use an existing Service Principal account. https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-2...


Once you have that account you can create a service connection in Azure DevOps for your project. This account can be used in your pipelines. You will need to pick the subscription during the creation of tasks so make sure you label the service connection so its easy to find.



One point to look at for is the access levels the service principal account has, It will need read access to the subscription but only contributure access to any resource groups if you want to lock it down.


Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies