ALM4Dataverse Azure DevOps Extensions

Enhance your Power Platform ALM pipeline with modern authentication support including WorkloadIdentityFederation.

Key Features

🔐 Modern Authentication Support

• WorkloadIdentityFederation - Secure, passwordless authentication using Azure AD Workload Identity
• Service Principal with Client Secret - Traditional SPN authentication
• Username/Password - Basic authentication support

⚡ Set Connection Variables Task

Sets BuildTools.* pipeline variables from Power Platform service connections, providing downstream tasks with standardized authentication credentials.

Output Variables

• BuildTools.EnvironmentUrl - Power Platform environment URL
• BuildTools.ApplicationId - Application/Service Principal ID
• BuildTools.TenantId - Azure AD Tenant ID
• BuildTools.DataverseConnectionString - Complete connection string
• BuildTools.AuthenticationType - Authentication method used
• Additional auth-specific variables (secrets, tokens, etc.)

Quick Start

- task: ALM4DataverseSetConnectionVariables@1
  inputs:
    authenticationType: 'PowerPlatformSPN'
    PowerPlatformSPN: 'MyPowerPlatformConnection'
    Environment: 'https://myorg.crm.dynamics.com'
    setAzureEnvironmentVariables: true

# Use output variables in subsequent steps
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      Write-Host "Environment: $(BuildTools.EnvironmentUrl)"
      Write-Host "App ID: $(BuildTools.ApplicationId)"

Azure SDK Integration

Automatic Integration (New!) - Enable seamless Azure SDK authentication:

- task: ALM4DataverseSetConnectionVariables@1
  inputs:
    authenticationType: 'PowerPlatformSPN'
    PowerPlatformSPN: 'MyPowerPlatformConnection'
    Environment: 'https://myorg.crm.dynamics.com'
    setAzureEnvironmentVariables: true  # 🔥 New parameter!

# Azure CLI, PowerShell Az, and .NET apps now auto-authenticate
- task: AzureCLI@2
  inputs:
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: 'az account show'  # No manual auth needed!

Manual Integration - For advanced scenarios, map output variables manually:

- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      Write-Host "##vso[task.setvariable variable=AZURE_TENANT_ID]$(BuildTools.TenantId)"
      Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_ID]$(BuildTools.ApplicationId)"
      
      if ("$(BuildTools.AuthenticationType)" -eq "ClientSecret") {
        Write-Host "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$(BuildTools.ClientSecret)"
      }

This enables automatic authentication for Azure CLI, PowerShell Az modules, and .NET applications without code changes. For Azure Pipelines Workload Identity Federation, fetches and stores OIDC tokens in temporary files and sets additional environment variables (AZURESUBSCRIPTION_*, AZURE_FEDERATED_TOKEN_FILE) for optimal compatibility with both DefaultAzureCredential and WorkloadIdentityCredential.

Why WorkloadIdentityFederation?

• Enhanced Security - No client secrets to manage or rotate
• Simplified Setup - Leverages Azure AD federated credentials
• Modern Standard - Microsoft's recommended authentication approach
• Passwordless - Eliminates credential storage risks

Perfect for organizations adopting modern DevOps security practices and zero-trust architectures.