Azure DevOps - Azure Service Connection

To deploy a website, an Azure function or a WebJob in Azure, via Azure DevOps, the easiest and most efficient way is to use the Azure Web App Deployment task.

If your Azure DevOps account is the same as the one used in the Azure portal, you will probably have no trouble to select your Azure Subscription from the list of subscriptions displayed on this screen.

However, if you need to deploy to an Azure environment that you don’t own (the customer’s, for example), it becomes much more complicated because you must first register this account in your list of Azure Subscriptions. But once this Subscription is defined, the rest is a piece of cake.

Recover access settings for Azure services

To link a subscription to your Azure Subscriptions list (via the Manage link), you must have security settings:

• Subscription ID
• Subscription Name
• Tenant ID
• Application ID (Service Principal ID)
• Password (Service Principal Key)

This must be done using the Administrator account of the Azure Subscription (of the customer, for example). From the Azure portal, logged in with this user, you open the PowerShell Command Line panel (at the top of the screen).

You run the first command az ad sp create-for-rbac --name ServicePrincipalName which shows you the last two parameters we’ll need.

You run the second command az account show which displays the first three parameters we will need.

Keep these values for use in the following steps.

Manage your Connections Services

In Azure DevOps, display your project settings, then click on the New service connection button on the “Services connections” page.

Complete the registration screens as follows:

• Connection type: Azure Resource Manager
• Authentification method: Service principal (manual)
• Subscription settings:
  • Subscription ID
  • Subscription Name
  • Tenant ID
  • Application ID (Service Principal ID)
  • Password (Service Principal Key)

Press the Verify and save button to validate that all settings are correct and to save your service.

Using the new Service Connection

Go back to your Azure DevOps Pipeline (build or release) and add the task Azure Web App Deployment.

Your new Azure Services connection should show up in the Azure Subscriptions list. If it does not, press the refresh button on the list (right); you can click Manage to return to the configuration screen and to verify the settings.

The other parameters are automatically found by Microsoft : App Type, App Name, Folder, …

Select the Zip Deploy deployment method to ensure that the task will push the files from your package or from your folder, to the wwwroot folder in the App Service (this is easier to verify later the deployment, via FTP or Kudu).