Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Features
- Azure Classic Service Connections are being retired
- Managed DevOps Pools is generally available
- New tasks to implement secret-less access to Azure storage accounts
Azure Classic Service Connections are being retired
Cloud Services, also known as Azure Service Manager (ASM), was the original deployment model for Azure. Since its replacement by Azure Resource Manager (ARM) in 2014, it has now been retired. Consequently, we are discontinuing the ability to create new Azure Classic service connections. However, existing Azure Classic service connections will remain unaffected.
Managed DevOps Pools is generally available
Managed DevOps Pools is an evolution of Azure DevOps Virtual Machine Scale Set agent pools. It provides better pool scalability and reliability, simplifies pool management, and allows you to use the VM images from Microsoft-hosted agents on custom Azure VMs.
Managed DevOps Pools is now generally available. You can read about Managed DevOps Pools features and the features newly added for GA here and here.
New tasks to implement secret-less access to Azure storage accounts
The AzureVmssDeployment, JavaToolInstaller, JenkinsDownloadArtifacts tasks can be configured to use Azure Storage:
- task: AzureVmssDeployment@1
inputs:
(required properties)
azureSubscription: <service connection>
customScriptsStorageAccount: <storage account>
- task: JavaToolInstaller@2
inputs:
(required properties)
jdkSourceOption: 'AzureStorage'
azureResourceManagerEndpoint: <service connection>
azureStorageAccountName: <storage account>
- task: JenkinsDownloadArtifacts@2
inputs:
(required properties)
artifactProvider: 'azureStorage'
ConnectedServiceNameARM: <service connection>
storageAccountName: <storage account>
New task versions have been created that now use Azure RBAC instead of storage account key/sas. The new tasks require the Storage Blob Data Contributor role to be assigned to the identity of the service connection configured.
You will need to assign the appropriate Azure RBAC role for service connection used in the task to be able to access the Azure Storage Account. See Assign an Azure role for access to blob data.
The AzureVmssDeployment@1 task needs additional RBAC roles configured to access the storage account configured in customScriptsStorageAccount:
- The
azureSubscriptionService Connection: Contributor or Virtual Machine Contributor role on the Virtual Machine Scale Set - The
azureSubscriptionService Connection: Storage Blob Data Contributor role on the storage account that holds the custom script - The Virtual Machine Scale Set System-assigned Managed Identity: Storage Blob Data Reader role on the storage account that holds the custom script
Next steps
Note
These features will roll out over the next two to three weeks.
Head over to Azure DevOps and take a look.
How to provide feedback
We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.
You can also get advice and your questions answered by the community on Stack Overflow.