AzDO: AzureAD pipeline task

So I was trying to add owners on AzureAD groups and found that this was not something you could currently do using the Az module from the built-in Azure PowerShell task. I knew this was supported using the AzureAD modules, though there was no existing way of using this directly in AzDO. I therefore set out on a journey to figure out how to get this done.

I started by learning how the built-in tasks Microsoft has published work, especially the one found here.

After much testing, what I found to be the biggest hurdle to get over was that I could not get Connect-AzureAD to work with the code targeting the module through the task. It would just error out with not authenticated, and could therefore not run the code.

This took some doing to figure out, but after combining the MSAL.PS module and using the token it obtains with Connect-AzureAD, I finally managed to get it working. This was after also realizing that the service connection used for the task, or more correctly the ServicePrincipal in AzureAD, also needed to be given the correct access level to the Azure Active Directory Graph API. For the example below I only needed to read, but if changes are to be allowed one would need to add the Directory.ReadWrite.All role to the SP.
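The token hand-off described above, as an added example (not the code of the published task): MSAL.PS acquires an app-only token for the Azure AD Graph resource, the script checks which application roles the token carries, and Connect-AzureAD consumes it. The environment variable names, the `Get-JwtRoles` helper and the read-only expectation are assumptions made for illustration; in a pipeline the values would come from secret variables or the service connection.

```powershell
# Added example. Assumes the MSAL.PS and AzureAD modules are installed on the agent.
$ErrorActionPreference = 'Stop'
Import-Module MSAL.PS
Import-Module AzureAD

# Hypothetical variable names; map them from secret pipeline variables.
$tenantId = $env:AAD_TENANT_ID
$clientId = $env:AAD_CLIENT_ID
$secret   = ConvertTo-SecureString -String $env:AAD_CLIENT_SECRET -AsPlainText -Force

# Hypothetical helper: decode the JWT payload (base64url) and return its 'roles' claim.
function Get-JwtRoles([string]$Jwt) {
    $payload = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    @(($json | ConvertFrom-Json).roles)
}

# Client-credentials token for the Azure AD Graph resource the AzureAD module talks to.
$token = Get-MsalToken -ClientId $clientId -ClientSecret $secret -TenantId $tenantId `
    -Scopes 'https://graph.windows.net/.default'

# Least-privilege check: a read-only job should not hold the write role.
$roles = Get-JwtRoles $token.AccessToken
if ($roles -contains 'Directory.ReadWrite.All') {
    Write-Warning 'Service principal holds Directory.ReadWrite.All; this job only reads.'
}
if (-not ($roles -match '^Directory\.Read')) {
    throw 'Token carries no Directory.Read* application role; grant admin consent first.'
}

# Hand the token to Connect-AzureAD instead of an interactive sign-in.
Connect-AzureAD -AadAccessToken $token.AccessToken -AccountId $clientId -TenantId $tenantId |
    Out-Null

# Read-only smoke test: list a few groups with their owners.
Get-AzureADGroup -Top 5 | ForEach-Object {
    $owners = Get-AzureADGroupOwner -ObjectId $_.ObjectId
    [pscustomobject]@{ Group = $_.DisplayName; Owners = ($owners.DisplayName -join ', ') }
}

Disconnect-AzureAD
```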

Now we can import the new task published here. Just follow the instructions found in the repo on how to build and get the task into AzDO.

Once done you have a new task to be used in the pipeline.

Then for testing just add some PS code that uses the AzureAD(Preview) module inline like this.

Triggering the pipeline will give a similar output to below.

Hope someone will find this useful.

Happy tinkering!
