Hi,
I want to use Azure DevOps with PS and M365 DSC to automate the configuration of different tenants.
The Azure Devops component will be in a dedicated tenant.
My question now is about staging. For the tenants that should be configured with M365DSC, it is clear to me (either apply M365 config to a test tenant or to a Prod tenant).
I wonder how I should do the staging for the Azure Devops itself. Whether I should have 2 tenants for Azure DevOps. One for dev and one for Prod. The reason for this separation is also related to the companies change management process. While I can simply change things in dev, I need a change approval for PROD, even though this tenant is just for automation purposes and nothing else.
I wonder what are my options for this besides having 2 dedicated tenants with a dedicated Azure AD.
Maybe:
- One Azure AD and below management and resource groups under one subcription. (How can I prevent configuration drift when I change AzureDevops settings)
- One Azure AD and only different build pipelines for Dev and Test. Usage of different ACLs for the Dev and PROD build to prevent changes to the prod build.
- ...
Advise would be much appreciated.
KR
Chris
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 38%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
