Tuesday, November 30, 2021

Prevent Employees from using Company Email to Create Azure DevOps Organizations


Individuals whose company email address has been added to an organization's Azure Active Directory can create their own personal Azure DevOps organizations using that address. However, Azure DevOps has a feature that restricts creating Azure DevOps organizations with the organization's email. As explained in the previous blog (Making Personal Access Token More Secure in Azure DevOps), add the "Azure DevOps administrator" user role to the Azure DevOps admin user to enable the feature.

Go to the Azure Active Directory section of the Organization settings page in Azure DevOps to enable the feature.

Thursday, November 18, 2021

Making Personal Access Token More Secure in Azure DevOps

A Personal Access Token (PAT) is used to authenticate to Azure DevOps. However, once a new PAT is created, it can be shared across multiple organizations. That might not be ideal from a security standpoint. So, Azure DevOps has a new feature to restrict PATs from being shared across multiple Azure DevOps organizations.

Prerequisites: An Azure DevOps organization that is connected to Azure AD

Go to the Azure DevOps organization settings and select Azure Active Directory under the General section. There, you can connect to Azure Active Directory.

Wednesday, November 3, 2021

GitHub Action Pipeline with Terraform State File in Azure Blob

In the previous blog, we discussed how to do infrastructure automation while maintaining the Terraform state file in Terraform Cloud. However, teams can also maintain the Terraform state file in the Azure portal along with other resources. This blog shows how to maintain the Terraform state file in Azure Blob.

You can create a resource group, storage account and container in Azure to keep the Terraform state file. Then add the storage container details to the Terraform script as follows.

Note the backend section of the provider.tf below which specifies the Azure blob storage and container to maintain the Terraform state. It is required to create the blob storage container manually before trying out the pipeline.
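
A sketch of such a provider.tf, given here as an added example and not the original post's file: the resource group, storage account, container and blob names are placeholders to replace with the ones you created. It assumes the backend credential is passed through the `ARM_ACCESS_KEY` environment variable (for example from a GitHub Actions secret) so that no key is committed with the script.

```hcl
# provider.tf (added example; every name below is a placeholder)
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }

  # Remote state in Azure Blob Storage. The resource group, storage
  # account and container must already exist before `terraform init`.
  backend "azurerm" {
    resource_group_name  = "rg-tfstate-example"         # placeholder
    storage_account_name = "sttfstateexample"           # placeholder
    container_name       = "tfstate"                    # placeholder
    key                  = "example.terraform.tfstate"  # blob name of the state file

    # No access key here on purpose: the backend reads it from the
    # ARM_ACCESS_KEY environment variable set by the pipeline.
  }
}

provider "azurerm" {
  features {}
}
```

Terraform state can contain resource attributes such as connection strings in plain text, so keep the container private and limit who can read the storage account.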