The document outlines the process of deploying an Azure Web App using a User Assigned Managed Identity (UAMI) for authentication within an Azure DevOps pipeline. First, you create a UAMI with no specific configuration, for later use. Then, you configure diagnostic settings for logging on the target Azure Web App. After that, the UAMI is assigned the Website Contributor role via Access Control (IAM). Next, an ARM service connection is created in Azure DevOps, linking the UAMI and granting the required resource group permissions. During the service connection setup, you are prompted to authenticate with your personal account. When a deployment pipeline runs using this configuration, the run includes extra deployment steps.

Finally, examining the logs confirms the UAMI's Object ID as the deployment initiator in the AppServiceAuditLogs. This also indicates that Azure DevOps initiated the deployment action. Your user context authorizes the UAMI. The logs show the UAMI's authorization and Azure DevOps's role in the deployment.
techcommunity.microsoft.com
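The final log check can be scripted over an export of AppServiceAuditLogs. The following is an added example, not code from the original article: the Object ID is a placeholder, the rows are constructed, and it assumes the `User` column carries the caller's Object ID. It goes slightly beyond the summary by also listing rows from any other caller so they can be reviewed.

```python
import json

# Placeholder Object ID for the UAMI (not a real identity); use the value of your own UAMI.
EXPECTED_UAMI_OBJECT_ID = "00000000-0000-0000-0000-0000000000aa"

# Constructed rows (one JSON object per line), shaped like an AppServiceAuditLogs export.
# Assumption: the "User" column holds the caller's Object ID; other values are illustrative.
SAMPLE_EXPORT = """
{"TimeGenerated": "2024-01-10T09:15:02Z", "User": "00000000-0000-0000-0000-0000000000AA", "OperationName": "Authorization", "Protocol": "SCM"}
{"TimeGenerated": "2024-01-10T09:15:04Z", "User": "00000000-0000-0000-0000-0000000000aa", "OperationName": "Authorization", "Protocol": "SCM"}
{"TimeGenerated": "2024-01-11T22:41:37Z", "User": "11111111-1111-1111-1111-1111111111bb", "OperationName": "Authorization", "Protocol": "SCM"}
{"TimeGenerated": "2024-01-12T03:02:10Z", "OperationName": "Authorization", "Protocol": "SCM"}
this line is not JSON
"""

def parse_export(text):
    """Return (rows, malformed_count); blank lines are skipped, bad lines are counted."""
    rows, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            row = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if not isinstance(row, dict):
            malformed += 1
            continue
        rows.append(row)
    return rows, malformed

def audit_initiators(rows, expected_object_id):
    """Split rows into those made by the expected UAMI and those made by anyone else."""
    expected = expected_object_id.strip().lower()
    matched, unexpected = [], []
    for row in rows:
        # GUIDs are compared case-insensitively; a missing User never matches.
        user = str(row.get("User") or "").strip().lower()
        (matched if user == expected else unexpected).append(row)
    return matched, unexpected

if __name__ == "__main__":
    rows, malformed = parse_export(SAMPLE_EXPORT)
    matched, unexpected = audit_initiators(rows, EXPECTED_UAMI_OBJECT_ID)
    print(f"{len(matched)} rows by the UAMI, {len(unexpected)} by others, {malformed} unparsable")
    for row in unexpected:
        print("REVIEW:", row.get("TimeGenerated"), row.get("User") or "<no User field>")
```

Rows with no `User` value are treated as unexpected rather than skipped, so a gap in the audit trail surfaces alongside callers that are not the UAMI.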
