Authenticate your Azure deployment pipeline by using service principals

Module
8 Units

Intermediate

Developer

Administrator

Solution Architect

Azure

Microsoft Entra ID

Azure DevOps

Azure Resource Manager

Service principals enable your deployment pipelines to authenticate securely with Azure. In this module, you'll learn what service principals are, how they work, and how to create them. You'll also learn how to grant them permission to your Azure resources so that your pipelines can deploy your Bicep files.

Learning objectives

After completing this module, you'll be able to:

Explain what a service principal is, how it works, and how it compares to a managed identity
Create a service principal and manage its keys
Configure the appropriate authorization for a service principal to deploy Azure resources

Prerequisites

You should be familiar with:

Creating and deploying basic Bicep templates.
Azure, including the Azure portal, subscriptions, resource groups, and resource definitions.

To follow along with the exercises in the module, you'll need:

An Azure account, with the ability to create resource groups and to create Microsoft Entra applications and service principals.
Visual Studio Code, installed locally.
The Bicep extension for Visual Studio Code, installed locally.
Either:
- The latest Azure CLI tools, installed locally.
- The latest version of Azure PowerShell, installed locally.

Introduction min
Understand service principals min
Create a service principal and key min
Exercise - Create a service principal and key min
Grant a service principal access to Azure min
Exercise - Authorize your service principal for deployments min
Knowledge check min
Summary min