Hi Thomas Falck,
Thanks for reaching out to Microsoft Q&A.
The error message you're seeing typically indicates that there's an issue with the Managed Identity configuration, but it can be a bit misleading in some contexts.
Verify Managed Identity Configuration
- Ensure the managed identity is properly configured in your azure subscription. It should be listed under "Identity" in the resource menu for the appropriate resource (ex. App Service, VM, etc).
- Verify the managed identity has the necessary permissions to perform the desired actions, such as the "Owner" role on the subscription as you mentioned.
Check Service Connection Settings
- Double check the service connection settings in Azure DevOps. Make sure the correct managed identity is selected and that it has the expected permissions.
- Try creating a new service connection to rule out any issues with the existing one.
Troubleshoot Pipeline Execution
- Add additional logging and debugging steps to your pipeline to get more information about the failure. For example, add a script to list all the resource groups in the subscription to verify connectivity.
- Ensure the pipeline is running on a Microsoft-hosted agent, as user-assigned managed identities are not supported on self-hosted agents.
- If using a self-hosted agent, make sure the agent VM has the managed identity assigned and has network connectivity to the Azure endpoints.
- Verify the pipeline is targeting the correct Azure subscription and resource group.
Verify Managed Identity Permissions
- Ensure the managed identity has the necessary permissions to perform the desired actions, such as modifying the storage account configuration.
- Check the Azure role assignments for the managed identity to confirm it has the required permissions.
- If using a user-assigned managed identity, make sure it is properly linked to the Azure resources in the pipeline.
If the issue persists, you can try the following:
- Create a new managed identity and update the service connection to use the new identity.
- Recreate the pipeline and service connection from scratch to rule out any configuration issues.
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.