You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You are configuring a build pipeline in Azure Pipelines that will include a task named Task1. Task1 will authenticate by using an Azure AD service principal.
Which three values should you configure for Task1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To configure Task1 to use an Azure Active Directory (Azure AD) service principal in Azure Pipelines, you will need three key pieces of information: the tenant ID, the app ID (also known as the client ID), and the client secret. The tenant ID uniquely identifies the Azure AD tenant. The app ID identifies the service principal's application within the tenant. The client secret is used as the password for the service principal to authenticate. The subscription ID and object ID are not necessary for the configuration of the service principal in this context.
Should be A. the tenant ID D. the app ID C. the client secret
From https://azuredevopslabs.com/labs/devopsserver/azureserviceprincipal/ (see also the screenshots there) ... 4. Run "az ad sp create-for-rbac --name ServicePrincipalName" 5. Azure will generate an appID, which is the Service principal client ID used by Azure DevOps Server. It will also generate a strong password, which is the Service principal key. The final value of interest is the tenant, which is the Tenant ID... 6. Execute "az account show" 7. The id is the Subscription ID you need to create the service connection. The name is the Subscription name you need. >> I validated this approach . >> Conclusion: The given answer ABD is correct. It is a bit confusing because the fields in Azure Devops "Create service connection" have different names than in the CLI output. But there is no "client secret" and no "object id".
This answer is well supported, and most legit.
Correct, in task1 we can use powershell for connection, so could use Tenant ID, App ID, secret https://docs.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-7.3.0#sign-in-with-a-service-principal
A. the tenant ID C. the client secret D. the app ID
The Azure Resource Manager service connection asks for the following config: A. the tenant ID B. the subscription ID C. the client secret D. the app ID To test an azure service principal you will need 1. Service principal application ID. 2. Service principal key. 3. Your Azure AD tenant ID. Therefore i'd be inclined to put: A. the tenant ID C. the client secret D. the app ID
there is no ask for subscriptionID when using app credentials, but only tenant, client ID (ie. app ID) and client secret (ie. app secret)
A. the tenant ID C. the client secret D. the app ID
Acd is the correct answer
Should be A, C, D
A C & D are correct answers.
Go to Azure Devops-->Projects Settings-->Service Connection. Then you will see the ✑ Tenant ID ✑ Subscription ID ✑ Subscription name ✑ Service principal ID
On exam 20220727. Question was phrased a little different there, with combinations of the different components.
From https://docs.microsoft.com/en-us/learn/modules/authenticate-azure-deployment-pipeline-service-principals/6-exercise-authorize-service-principal-deployments?pivots=powershell#deploy-the-bicep-file-by-using-the-service-principal ...you'll simulate what a pipeline does to deploy ... Use the service principal's application ID and key (so D and C) to get the credentials. Then, to sign in by using the service principal's credentials, you are asked also the tenant id (A)
I think ABD is correct. If you deploy with SP it will not asked secret when deploying through Azure Pipelines. But if you are deploying through PowerShell you have define secret and app ID. So for this answer should be ABD. Below are the steps for PS deployment: 1. Define tenant 2. Define Subscription 3. Provide App registration details .(APP ID and Password) For Azure Pipeline 1. Tenant is already defined 2. APP ID or SPN 3. Subscription ID
ABD verified
IMHO answer is correct. To allow a build pipeline task to authenticate to AAD with an existing Service Principal you have to follow the procedure "Create an Azure Resource Manager service connection with an existing service principal" in the documented below https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-with-an-existing-service-principal
Having those, anyone can impersonate as your app.
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops Enter the information about your service principal into the Azure subscription dialog textboxes: Subscription ID ABD is the answer
Sorry after reviewing it should be ACD https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals "When you've completed the app registration, you've a globally unique instance of the app (the application object) which lives within your home tenant or directory. You also have a globally unique ID for your app (the app or client ID). In the portal, you can then add secrets or certificates and scopes to make your app work, customize the branding of your app in the sign-in dialog, and more."
Answer and its explanation are correct, as in Az DevOps we have to input the fileds listed in the explanation. However, the Service principal ID in Az Devops is actually the app ID used for creating the service rpincipal. So when you follow the steps from this link https://docs.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure ti fill in the service principal ID you have to paste there the appID -> see Task 2, point 5 of this lab https://azuredevopslabs.com/labs/devopsserver/azureserviceprincipal/