AZ-400 Exam Dumps : Microsoft Azure DevOps Solutions

QUESTIONNO: 4

You need !0 the merge the POC branch into the default branch. The solution must meet the technical requirements. Which command should you run?

A. it push

B. git merge -- allow-unrelated-histories

C. git rebase

D. git merge --squash

Answer: C

Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation

Step 1: Understand the Requirements

You want to deploy resources in the RGHod489Q1628 resource group.

The service connection must:

Use the ManagedJd1 managed identity.

Use workload identity federation (OIDC-based authentication for enhanced security).

Step 2: Verify Prerequisites

You need to ensure:

The ManagedJd1 managed identity exists in your Azure subscription.

Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).

You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.

Step 3: Assign Role to Managed Identity

Go to the Azure Portal.

In the search bar, type Managed Identities and select Managed Identities.

Locate and click on the ManagedJd1 identity.

In the left menu, click Azure role assignments.

Click + Add role assignment.

Set the following:

Scope: Resource Group

Subscription: Your subscription

Resource Group: RGHod489Q1628

Role: Contributor (or appropriate role)

Click Save.

This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.

Step 4: Create a Federated Credential for Workload Identity Federation

In the Azure Portal, navigate to the ManagedJd1 managed identity.

In the left menu, click Workload identity federation (preview).

Click + Add a federated credential.

Configure as follows:

Federated credential name: devops-oidc

Issuer: (or use the default for Azure DevOps)

Subject identifier: Use the following format for Azure DevOps:

css

Copy

system:azuredevops:{organizationName}:{projectName}

For example:

css

Copy

system:azuredevops:{YourOrganizationName}:{Project1}

Audience: api://AzureADTokenExchange

Click Add.

This federated credential establishes trust between your Azure DevOps project and the managed identity.

Step 5: Create a Service Connection in Azure DevOps

Go to your Azure DevOps project (Project1) in the browser.

In the left menu, click Project settings.

Under Pipelines, click Service connections.

Click New service connection.

Choose Azure Resource Manager.

Choose the authentication method:

Select Workload identity federation.

Configure the service connection:

Scope level: Resource Group.

Resource Group: RGHod489Q1628.

Subscription: Your subscription.

Authentication method: Managed Identity with workload identity federation.

Managed Identity: Enter the client ID or select ManagedJd1.

Service connection name: e.g., Project1-RGHod489Q1628-Conn.

Grant access permission to all pipelines (recommended).

Click Save.

Step 6: Validate the Service Connection

After creation, click on the new service connection to Verify it.

Ensure the connection test is successful.

You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.