How to add Azure Resource Manager Service Endpoint?

VSTS: Visual Studio Team Services
Prerequisite(s): Having a Microsoft account (personal or organisational) and a valid Azure subscription

So far so good. You have created your team project in VSTS and started with release definition for Azure App Service :). Now you want to configure your first release task, and you have decided to create a new Service Endpoint for that. Then you get to this OMG (or WTF if you really feel it) moment.

Where am I going to find all these names, IDs and keys?

Connection name: easy… put some name for this new endpoint.

Then we have to jump in to your Azure portal.

Subscription ID and Name: use the Azure portal search and get your subscriptions list. Then select the specific subscription item to open up the details (Overview section), and copy ID and Name.

Service Principal Client ID: use the Azure portal search and open your Active Directory section.

Go to App registrations tab.

Click New application registration button.

Create new app registration by entering your app details. URL can just be http://<your app name> as you can change this later.

Now select your newly created app from the App registrations list and copy the Application ID. This will be your Service Principal Client ID. Please don’t close this panel as we need it to find your Service Principal Key. Go to Keys tab of app settings and create a new key.

You can type your own values and select one of available Expires options. Then click Save.

Copy the encrypted key value. You just got your Service Principal Key.

OK. one more to go. :)

Tenant ID: use the Azure portal search and open your Active Directory section.

Go to Properties tab.

Copy the Directory ID. There we go… We just got our final piece of the puzzle — Tenant ID.

Now you can jump back to VSTS and fill-in the Add Service Endpoint dialog. But, as soon as you click Verify connection link, BOOM… :(

This is a permission issue, as we haven’t assigned a role to our app. To fix this we need one more step.

Use the Azure portal search and get your subscriptions list. Then select the specific subscription item.

Go to Access control tab.

Click Add button.

Select a role (Contributor in this case) and app registration name. Then click Save button.

Then go back to VSTS and Verify connection again.

Bingo… All good and that’s is.

Thanks for going through this long post. Hope it’s worth the effort.