Setup Resource Group, service principal and keyvault. The service principal is created and has Owner on the resource group as well as the ability to read and write to the storage account. This can be done manually but the follow gist can be used to perform these actions automatically if executed by someone who has the ability to create service principals and resource groups. See (https://gist.github.com/brentmcconnell/d1bb14d31ab69578c5d9ef816015ddda).
Example execution (no arguments are required but for instance -r is recommended as eastus is the default ./az-terraform-basic -g name_of_rg_to_create (optional) -r region (eastus by default).
After this program executes you will have a resource group that contains a storage account and a keyvault. These will be used by Azure DevOps to execute pipelines using the service principal's credentials in the keyvault.
- Create Resource Group (take note of name will be used later)