Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation
Step 1: Understand the Requirements
You want to deploy resources in the RGHod489Q1628 resource group.
The service connection must:
Use the ManagedJd1 managed identity.
Use workload identity federation (OIDC-based authentication, so no long-lived client secret has to be stored in Azure DevOps).
Step 2: Verify Prerequisites
You need to ensure:
The ManagedJd1 managed identity exists in your Azure subscription.
Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).
You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.
Step 3: Assign Role to Managed Identity
Go to the Azure Portal.
In the search bar, type Managed Identities and select Managed Identities.
Locate and click on the ManagedJd1 identity.
In the left menu, click Azure role assignments.
Click + Add role assignment.
Set the following:
Scope: Resource Group
Subscription: Your subscription
Resource Group: RGHod489Q1628
Role: Contributor (or the least-privileged role that still covers the deployment)
Click Save.
This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.
Step 4: Create a Federated Credential for Workload Identity Federation
In the Azure Portal, navigate to the ManagedJd1 managed identity.
In the left menu, click Workload identity federation (preview).
Click + Add a federated credential.
Configure as follows:
Federated credential name: devops-oidc
Issuer: (or use the default for Azure DevOps)
Subject identifier: Use the following format for Azure DevOps:
system:azuredevops:{organizationName}:{projectName}
For example:
system:azuredevops:{YourOrganizationName}:{Project1}
This federated credential establishes trust between your Azure DevOps project and the managed identity.
Step 5: Create a Service Connection in Azure DevOps
Go to your Azure DevOps project (Project1) in the browser.
In the left menu, click Project settings.
Under Pipelines, click Service connections.
Click New service connection.
Choose Azure Resource Manager.
Configure the service connection, including its authentication method:
Scope level: Resource Group.
Resource Group: RGHod489Q1628.
Subscription: Your subscription.
Authentication method: Managed Identity with workload identity federation.
Managed Identity: Enter the client ID or select ManagedJd1.
Service connection name: e.g., Project1-RGHod489Q1628-Conn.
Grant access permission to all pipelines (recommended).
Click Save.
Step 6: Validate the Service Connection
After creation, click the new service connection and choose Verify.
Ensure the connection test is successful.
You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.
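The following script is an added example and is not part of the original walkthrough: it shows the Azure CLI equivalents of Step 3 (role assignment scoped to the resource group) and Step 4 (federated credential on the managed identity), and then emits a minimal pipeline fragment that consumes the service connection from Steps 5 and 6. The names ManagedJd1, RGHod489Q1628, Project1 and Project1-RGHod489Q1628-Conn come from the walkthrough; the subscription id, organization name and issuer are placeholders you must replace (the issuer and subject must match exactly what the Azure DevOps service connection shows, otherwise the token exchange is rejected). It assumes the identity lives in the same resource group it deploys to. Nothing is executed unless RUN_SETUP=1; by default the az commands are only printed.

```shell
#!/bin/sh
# Added example, not the walkthrough's own code: CLI form of Steps 3, 4 and 6.
# Walkthrough names: ManagedJd1, RGHod489Q1628, Project1, Project1-RGHod489Q1628-Conn.
# Everything else below is a placeholder or a labelled assumption.

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}" # placeholder
IDENTITY_NAME="${IDENTITY_NAME:-ManagedJd1}"
IDENTITY_RG="${IDENTITY_RG:-RGHod489Q1628}"        # assumption: identity lives in the target RG
TARGET_RG="${TARGET_RG:-RGHod489Q1628}"
ORG_NAME="${ORG_NAME:-YourOrganizationName}"       # placeholder
PROJECT_NAME="${PROJECT_NAME:-Project1}"
ISSUER="${ISSUER:-https://issuer.example.invalid}" # placeholder: copy the issuer Azure DevOps shows
ROLE="${ROLE:-Contributor}"
CONN_NAME="${CONN_NAME:-Project1-RGHod489Q1628-Conn}"
AUDIENCE="api://AzureADTokenExchange"              # standard audience for Entra workload identity federation

# Least privilege: the scope string pins the role to one resource group,
# never to the whole subscription.
rg_scope() {
    printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Subject identifier in the format the walkthrough gives for Azure DevOps.
# A subject that does not match what the service connection presents is the
# most common reason the Verify step in Step 6 fails.
oidc_subject() {
    printf 'system:azuredevops:%s:%s' "$1" "$2"
}

# Step 3: grant the managed identity the role on the resource group only.
assign_role() {
    scope=$(rg_scope "$SUBSCRIPTION_ID" "$TARGET_RG")
    if [ "${RUN_SETUP:-0}" = "1" ]; then
        principal_id=$(az identity show --name "$IDENTITY_NAME" --resource-group "$IDENTITY_RG" \
            --query principalId --output tsv)
        az role assignment create --assignee-object-id "$principal_id" \
            --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$scope"
    else
        printf 'az role assignment create --assignee-object-id <principalId of %s> --assignee-principal-type ServicePrincipal --role %s --scope %s\n' \
            "$IDENTITY_NAME" "$ROLE" "$scope"
    fi
}

# Step 4: add the federated credential so an Azure DevOps OIDC token can be
# exchanged for a token of the managed identity; no client secret is created.
create_federated_credential() {
    subject=$(oidc_subject "$ORG_NAME" "$PROJECT_NAME")
    if [ "${RUN_SETUP:-0}" = "1" ]; then
        az identity federated-credential create --name devops-oidc \
            --identity-name "$IDENTITY_NAME" --resource-group "$IDENTITY_RG" \
            --issuer "$ISSUER" --subject "$subject" --audiences "$AUDIENCE"
    else
        printf 'az identity federated-credential create --name devops-oidc --identity-name %s --resource-group %s --issuer %s --subject %s --audiences %s\n' \
            "$IDENTITY_NAME" "$IDENTITY_RG" "$ISSUER" "$subject" "$AUDIENCE"
    fi
}

# Step 6: pipeline fragment that uses the connection. The AzureCLI task's
# azureSubscription input takes the service connection NAME, not a subscription id,
# and the inline command is read-only so a first run cannot change anything.
pipeline_yaml() {
    cat <<EOF
trigger:
  - main
pool:
  vmImage: ubuntu-latest
steps:
  - task: AzureCLI@2
    inputs:
      azureSubscription: '$CONN_NAME'
      scriptType: bash
      scriptLocation: inlineScript
      inlineScript: |
        az group show --name $TARGET_RG --query id --output tsv
EOF
}

assign_role
create_federated_credential
pipeline_yaml
```

Run it once without RUN_SETUP to review the exact commands and scope string, then with RUN_SETUP=1 from a shell already logged in with `az login` as a user holding Owner or User Access Administrator on the resource group, as Step 2 requires. Keeping the role assignment at resource-group scope is what limits the blast radius of any pipeline that is later granted this connection.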