I've noticed that when users create service connections in Azure DevOps, it automatically generates service principals in Entra. This has happened multiple times in the past, leading to a mess of unnecessary app registrations. I'm wondering if deleting a service connection will also remove the corresponding enterprise app or app registration?
3 Answers
For sure! Cleaning up the service connections should also take care of those app registrations created automatically. But remember, these service connections are essentially service accounts acting as applications. You want to enforce the principle of least privilege. A good tip might be to establish a naming convention for your service connections and help teams with proper permissions. If they're auto-registered, they may inherit permissions based on what resources they're accessing, and those won't clean up automatically when you delete the service connection.
It sounds like you might need to reconsider how you're managing these connections. It can be useful to go back to a more manual process with specific App Registrations for better control instead of relying on automatic creation. You definitely want to clean up those app identities that were generated without oversight.
Yes, deleting the service connection should clean up the app registration if it was set to auto-register. If a connection was created manually, though, it won’t get cleaned up automatically. Also, it’s important to manage access properly, as these service connections are scoped to projects, and too many users creating them can lead to additional clutter.
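An audit that follows from the answers above, added here as an example and not code from any of the posters: it cross-references service connections with app registrations, separates auto-created from manually created ones, flags registrations no connection references, and lists the role assignments each one still holds. All sample data is constructed; `audit` and its status labels are hypothetical names, and the role-assignment rows are assumed to be pre-joined to `appId`.

```python
# Constructed sample inputs (not from the page). Endpoint fields mirror Azure DevOps
# service-endpoint JSON (authorization.parameters.serviceprincipalid, data.creationMode);
# role-assignment rows are assumed to be pre-joined to the application's appId.
ENDPOINTS = [
    {"name": "prod-deploy", "data": {"creationMode": "Automatic"},
     "authorization": {"parameters": {"serviceprincipalid": "app-1111"}}},
    {"name": "shared-infra", "data": {"creationMode": "Manual"},
     "authorization": {"parameters": {"serviceprincipalid": "app-2222"}}},
]
APPS = [
    {"appId": "app-1111", "displayName": "contoso-web-sub1"},
    {"appId": "app-2222", "displayName": "infra-manual-sp"},
    {"appId": "app-3333", "displayName": "contoso-old-sub1"},
]
ASSIGNMENTS = [
    {"appId": "app-1111", "roleDefinitionName": "Contributor", "scope": "/subscriptions/sub1"},
    {"appId": "app-3333", "roleDefinitionName": "Owner", "scope": "/subscriptions/sub1"},
]


def audit(endpoints, apps, assignments):
    """Classify each app registration by how (or whether) a service connection uses it."""
    used_by, roles = {}, {}
    for ep in endpoints:
        app_id = ep.get("authorization", {}).get("parameters", {}).get("serviceprincipalid")
        if app_id:
            mode = ep.get("data", {}).get("creationMode", "Unknown")
            used_by.setdefault(app_id.lower(), []).append((ep["name"], mode))
    for ra in assignments:
        entry = f'{ra["roleDefinitionName"]} @ {ra["scope"]}'
        roles.setdefault(ra["appId"].lower(), []).append(entry)
    report = []
    for app in apps:
        key = app["appId"].lower()
        conns = used_by.get(key, [])
        if not conns:
            status = "orphan-candidate"   # no service connection references it
        elif all(mode == "Automatic" for _, mode in conns):
            status = "auto-managed"       # expected to go away with its connection
        else:
            status = "manual-cleanup"     # manually created: must be deleted by hand
        report.append({"appId": app["appId"], "displayName": app["displayName"],
                       "status": status, "connections": [n for n, _ in conns],
                       "roles": roles.get(key, [])})   # grants to review either way
    return report


if __name__ == "__main__":
    print(*audit(ENDPOINTS, APPS, ASSIGNMENTS), sep="\n")
```

Rows marked `orphan-candidate` that still carry roles are the ones to review first, since nothing in Azure DevOps will remove them.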