cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Dev Ops security architecture connecting to different tenancies/subscriptions

santoshpandey11
Copper Contributor

‎Sep 18 2019 11:19 PM

‎Sep 18 2019 11:19 PM

Azure Dev Ops security architecture connecting to different tenancies/subscriptions

Hi ,

Can someone help me understanding Dev Ops Security Architect connecting to tenancies/subscriptions?

Labels:
688 Views
0 Likes
1 Reply
Reply
1 Reply
Craig Wilson

‎Oct 14 2019 01:26 PM

‎Oct 14 2019 01:26 PM

Re: Azure Dev Ops security architecture connecting to different tenancies/subscriptions

@santoshpandey11 

 

If you need Azure DevOps to connect to the other subscription, you will need a Service Principal account.  This can be created from inside Azure DevOps if you are a user with owner access on the subscription to create a Service Principal or you can use an existing Service Principal account. https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-2...

 

Once you have that account you can create a service connection in Azure DevOps for your project. This account can be used in your pipelines. You will need to pick the subscription during the creation of tasks so make sure you label the service connection so its easy to find.

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&...

 

One point to look at for is the access levels the service principal account has, It will need read access to the subscription but only contributure access to any resource groups if you want to lock it down.

 

0 Likes
Reply