Azure Dev Ops security architecture connecting to different tenancies/subscriptions

Occasional Visitor

Hi ,

Can someone help me understanding Dev Ops Security Architect connecting to tenancies/subscriptions?

1 Reply



If you need Azure DevOps to connect to the other subscription, you will need a Service Principal account.  This can be created from inside Azure DevOps if you are a user with owner access on the subscription to create a Service Principal or you can use an existing Service Principal account. https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-2...


Once you have that account you can create a service connection in Azure DevOps for your project. This account can be used in your pipelines. You will need to pick the subscription during the creation of tasks so make sure you label the service connection so its easy to find.



One point to look at for is the access levels the service principal account has, It will need read access to the subscription but only contributure access to any resource groups if you want to lock it down.


Related Conversations
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Email encryption with office 365 and azure
Jay Hampton in Office 365 on
1 Replies
Edge insider Dev Group Policy files are missing
HotCakeX in Enterprise on
4 Replies
Join Our Security Community
Ryan Heffernan in Security, Privacy & Compliance on
2 Replies
Edge Dev Tabs Crash
cronhan in Discussions on
7 Replies