What Is Azure DevOps in DevOps?
On This Page
What do you want to do?
Quick Definition
Azure DevOps is a set of tools that helps teams plan, code, test, and deliver software faster. It is like a digital workshop where developers can track tasks, store code, run tests automatically, and release updates without doing everything by hand. You can connect it with many programming languages and cloud services.
Common Commands & Configuration
az pipelines run --name "MyPipeline" --branch mainTriggers a pipeline run for a specific pipeline and branch.
Tests knowledge of Azure CLI to manage pipelines, often in scenario-based questions where manual trigger is required.
az repos create --name "MyRepo" --organization https://dev.azure.com/MyOrg --project "MyProject"Creates a new Git repository in an Azure DevOps project.
Exams assess understanding of Azure DevOps resource creation via CLI, especially for automation scenarios.
az devops configure --defaults organization=https://dev.azure.com/MyOrg project=MyProjectSets default organization and project for subsequent Azure DevOps CLI commands.
Common prerequisite step in exam tasks; tests ability to configure context before running commands.
az pipelines build queue --definition-id 5Queues a build using the pipeline definition ID.
Tests familiarity with build queue commands, including pipeline IDs and build definitions.
az boards work-item create --title "Fix login bug" --type Bug --assigned-to "user@domain.com"Creates a new work item (Bug) in Azure Boards.
Exams may ask about work item types and creation via CLI; emphasizes integration with DevOps workflows.
az artifacts universal download --feed MyFeed --name MyPackage --version 1.0.0 --path ./downloadsDownloads a universal package from Azure Artifacts.
Tests understanding of artifact management commands, often used in CI/CD pipeline stages.
az devops security group create --name "Developers" --organization https://dev.azure.com/MyOrgCreates a security group in Azure DevOps.
Covers security and permissions management, a frequent topic in AZ-400 and AZ-104 exams.
Azure DevOps appears directly in 205exam-style practice questions in Courseiva's question bank — one of the most-tested concepts on AZ-104. Practise them →
Must Know for Exams
Azure DevOps appears prominently in several certifications, most notably the Azure DevOps Engineer Expert (AZ-400) exam. This exam is entirely focused on designing and implementing DevOps practices, including source control, CI/CD, package management, and testing. Candidates must know how to configure branch policies, set up multi-stage pipelines, manage self-hosted agents, and integrate security tools like dependency scanning and secret management with Azure Key Vault.
The Azure Administrator (AZ-104) exam also touches on Azure DevOps, though less deeply. Questions may ask how to deploy resources using Azure Resource Manager (ARM) templates through Azure Pipelines, or how to configure managed identities for pipeline agents. You might see a scenario where an administrator needs to grant a pipeline access to a storage account, understanding service connections and Azure RBAC is key.
For the Azure Fundamentals (AZ-900) exam, the focus is on high-level concepts. You need to know that Azure DevOps is a tool for CI/CD and collaboration, and that it is part of the DevOps culture promoted by Microsoft. Questions are usually straightforward, like "Which service enables continuous integration and continuous delivery?"
Even AWS certifications like the AWS Certified Developer Associate (DVA-C02) and AWS Solutions Architect Associate (SAA-C03) include DevOps concepts. While the tools are different (e.g., AWS CodePipeline vs. Azure Pipelines), the principles are the same. Knowing Azure DevOps helps you understand the broader DevOps landscape, which is often tested through scenario-based questions about automated deployment, rollback strategies, and artifact management.
In Google Cloud exams (like Google Associate Cloud Engineer), DevOps is covered through Cloud Build and Deployment Manager. However, the underlying concepts of infrastructure as code, automated testing, and artifact repositories are universal. If you understand Azure DevOps thoroughly, you can map those concepts to any cloud provider.
Common question types include: - Scenario: A team wants to ensure every code change passes unit tests and code analysis before merging. Which Azure DevOps feature? Answer: Branch policy with required build. - Configuration: A YAML pipeline snippet with errors. Identify the fix. - Troubleshooting: The pipeline fails with an access denied error when connecting to an Azure subscription. What is missing? Service connection or managed identity.
Exam candidates should practice creating pipelines in a free Azure DevOps organization, as hands-on experience is invaluable. Focus on understanding YAML syntax, the difference between artifacts and packages, and how approval gates work in release pipelines.
Simple Meaning
Imagine you are building a house with a team of friends. Without a good system, you might have people painting walls before the foundation is dry, or two people trying to install the same window. Azure DevOps is like your super-organized project manager and toolset combined. It gives you a place to keep all your blueprints (code), a board to track who is doing what (work items), a way to automatically test if the walls are straight (automated tests), and a machine that can put up wallpaper and install lights in the right order every time (release pipeline).
Before Azure DevOps, teams often struggled with manual work. A developer would write code on their laptop, then email it to someone else who would try to put it on a server. That server might have different settings, so things would break. It was like baking a cake in one kitchen, wrapping it in foil, and asking a friend to finish baking it in another oven, it rarely turned out right. Azure DevOps solves this by having a single, consistent platform where the whole "kitchen" is automated and repeatable.
For IT certification learners, Azure DevOps is important because it shows how modern companies move from writing code to having it run live on the internet. It is not just for developers; system administrators and operations staff use it to manage infrastructure as code and automate deployments. The service includes five main areas: Azure Boards for planning with Kanban boards and backlogs, Azure Repos for storing code using Git, Azure Pipelines for building and testing code automatically, Azure Test Plans for manual and exploratory testing, and Azure Artifacts for storing packages like NuGet or npm. These tools all work together to support a "DevOps" culture, where developers and operations teams collaborate closely.
Think of it like cooking in a restaurant kitchen. The recipe (code) is written by the chef (developer). Azure Repos keeps that recipe safe. Azure Boards helps the team decide which dish to cook next. Azure Pipelines is like the automated oven that always cooks at exactly the right temperature, no guesswork. Azure Test Plans is the taste tester who checks every dish before it goes to the customer. And Azure Artifacts is the pantry where you keep your special ingredients. With Azure DevOps, the entire cooking process becomes fast, consistent, and less error-prone.
Full Technical Definition
Azure DevOps is a Software as a Service (SaaS) platform from Microsoft that provides a comprehensive set of development and deployment tools. It was originally launched as Visual Studio Online in 2013 and then rebranded as Visual Studio Team Services before becoming Azure DevOps in 2018. The platform supports the entire application lifecycle management (ALM) from initial planning through code development, continuous integration and continuous delivery (CI/CD), testing, and monitoring.
At its core, Azure DevOps is built on a microservices architecture hosted in Microsoft's Azure data centers. It uses a REST API and a web-based interface for interaction, and it also provides command-line tools (Azure CLI with devops extension) and integrations with popular IDEs like Visual Studio, VS Code, and Eclipse. Authentication relies on Azure Active Directory (Azure AD), supporting organizational accounts and conditional access policies. Permissions are managed through security groups and access control lists (ACLs) at the project and organization levels.
The service comprises five primary service components, each addressing a specific part of the DevOps lifecycle:
1. Azure Boards: This is an agile planning tool that supports Scrum, Kanban, and custom work item tracking. Work items include user stories, tasks, bugs, features, and epics. The system uses a hierarchical structure and supports queries, dashboards, and widgets. It integrates with GitHub and other version control systems through service hooks. The backend uses a relational database to store work items and their relationships, and it supports real-time updates via SignalR.
2. Azure Repos: This provides unlimited private and public Git repositories. It uses the standard Git protocol (HTTPS and SSH) and extends it with pull request (PR) workflows, branch policies, and code reviews. Branch policies enforce requirements such as a minimum number of reviewers, successful builds, and linked work items before a PR can be merged. The platform also supports TFVC (Team Foundation Version Control), a centralized version control system, though it is less commonly used in new projects. Git LFS (Large File Storage) is supported for binary files.
3. Azure Pipelines: This is the CI/CD engine that builds, tests, and deploys code to any target, including Azure, AWS, Google Cloud, on-premises servers, or containers. Pipelines are defined using YAML files stored in the repository (pipeline as code) or through a classic editor with a graphical interface. Each pipeline consists of stages, jobs, and steps. Agents can be Microsoft-hosted (provided by Azure with predefined software images for Linux, Windows, and macOS) or self-hosted (running on your own infrastructure). The pipeline engine supports parallel execution, multi-stage deployments with approvals and gates, and integration with container registries like Docker Hub and Azure Container Registry. It uses a job-based architecture where each job runs on an agent, and steps within a job are sequential.
4. Azure Test Plans: This provides tools for manual and exploratory testing. Test plans can be created from work items, and testers can step through test cases with detailed instructions and capture screenshots, videos, and screen recordings. Results are tracked and linked to builds and releases. The system also supports exploratory testing where testers can discover bugs without predefined scripts.
5. Azure Artifacts: This is a package management service for hosting NuGet, npm, Maven, Python, and Universal packages. It acts as a private feed that can be connected to upstream sources like NuGet Gallery or npmjs.com, allowing teams to cache and control dependencies. Packages can be promoted, deprecated, and deleted with proper permissions.
From a security perspective, Azure DevOps integrates with Azure AD for identity management. It supports OAuth 2.0, PATs (Personal Access Tokens), and SSH keys for authentication. Auditing and logging are available through the Azure Portal and the Azure Monitor suite. Data is encrypted at rest and in transit, and compliance certifications include ISO 27001, SOC 1/2/3, and HIPAA BAA for eligible accounts.
Real IT implementation often involves connecting Azure DevOps with other tools. For example, a company might use Azure Repos for Git, Azure Pipelines to build a Docker image from that code, push the image to Azure Container Registry, and deploy it to Azure Kubernetes Service (AKS). Or an organization might use Jenkins as their build tool but still use Azure Boards for tracking. Service hooks allow webhook-based integration with Slack, Teams, Jira, and many other platforms.
Exam candidates should understand the difference between Azure DevOps Services (the cloud SaaS version) and Azure DevOps Server (formerly Team Foundation Server, TFS), which is the on-premises version. The cloud version receives monthly updates and has no infrastructure management overhead for users. The server version is for organizations that need to keep data on-premises for regulatory or compliance reasons. Both use the same basic concepts but differ in installation, maintenance, and some feature availability.
Real-Life Example
Think about how a large restaurant chain like a pizza delivery company operates. They have dozens of stores, each needing to produce consistent pizzas. The central office has a master recipe book (the code). But if each store manager changes the recipe based on what they feel like, some stores will have crispy crusts and others will have soggy ones. Chaos. Azure DevOps is the system that ensures every store uses the same recipe and follows the same process, every time.
Let me map this more concretely. Imagine you are that pizza chain. Your head chef writes a new recipe for a spicy Hawaiian pizza. That recipe is stored in Azure Repos, it is like the master binder of recipes kept at headquarters. Nobody can change it without approval. When the chef wants to propose a new version of the recipe, they create a branch, make changes, and then request a pull request. Another chef reviews it, maybe suggests adding more pineapple, and only after both agree does the recipe get merged into the official binder. This prevents bad pizzas from ever being created.
Now, the stores need to actually make the pizza. Azure Pipelines is like the automated kitchen equipment that controls the oven temperature, dough preparation time, and sauce dispensing. Suppose a new oven controller software is created. Instead of sending a technician to every store to manually update the settings, Azure Pipelines automatically pushes the new configuration to every store in a controlled rollout. First, it updates one store (a "canary" deployment), verifies the pizzas taste right, then rolls out to 10% of stores, then 50%, then all. If something goes wrong at any stage, the rollout stops immediately and automatically rolls back to the previous configuration. This is exactly what modern IT teams do with Azure Pipelines when deploying to servers.
Azure Boards is like the shift manager's whiteboard in each store. It shows which tasks are pending, like "order more cheese" or "calibrate the oven," and who is doing what. Developers use the same concept to track features, bugs, and technical debt. Azure Test Plans is the quality assurance inspector who visits random stores anonymously, orders a pizza, and evaluates it against standards. In software, this equivalent runs automated tests that check if a login screen works or if the checkout process fails under load.
Finally, Azure Artifacts is like the central warehouse that supplies ingredients to all stores. If a store needs special gluten-free flour, it is stored in one place and pulled by each store as needed. In software, this is where you store pre-built libraries, like a logging library or a payment processing module, so every project does not have to rewrite them from scratch.
In real life, I have seen teams waste hours copying files between servers and debugging why the code that worked on their laptop fails on the server. With Azure DevOps, that never happens because the deployment pipeline is the same every time, it is like having a cooking robot that follows the exact same steps for every pizza, ensuring consistency and saving huge amounts of time.
Why This Term Matters
Azure DevOps matters because it directly addresses the biggest bottleneck in modern IT: the gap between writing code and getting it to run reliably in production. In the past, developers would write code for weeks, then hand it over to an operations team who would spend more weeks configuring servers and debugging deployment issues. This manual handoff was slow, error-prone, and caused friction between teams. Azure DevOps automates that entire process, reducing deployment times from weeks to minutes.
For IT professionals, especially those studying for certifications like AZ-400 (Azure DevOps Engineer) or AZ-104 (Azure Administrator), understanding Azure DevOps is not optional, it is fundamental. Companies are adopting DevOps practices to stay competitive. They want to release features faster, recover from failures quickly, and have clear traceability from a requirement to the deployed code. Azure DevOps provides the tooling to achieve this.
Even if you are a cloud architect or a sysadmin, you will interact with Azure DevOps. You might need to set up permissions for pipelines, manage agent pools, or configure security policies. The platform also integrates with Azure Policy and Azure Blueprints, allowing governance teams to enforce compliance across multiple subscriptions. Ignoring Azure DevOps means missing out on the central orchestration layer that many organizations use to manage their cloud resources.
Another reason it matters is cost. Manual deployments lead to configuration drift, servers that have slight differences from each other, causing bugs that are hard to reproduce. Azure Pipelines ensures that environments are provisioned consistently, reducing troubleshooting time. The platform's built-in testing capabilities help catch bugs early in the development cycle, which is significantly cheaper than fixing them after production. For a company with hundreds of developers, this translates to millions of dollars in savings.
How It Appears in Exam Questions
Azure DevOps questions appear in several distinct patterns across certification exams. The most common pattern is the scenario-based question where you are given a development team's requirements and asked to select the appropriate Azure DevOps feature or configuration.
One typical question pattern involves branch policies. For example: "A development team wants to ensure that all code changes to the main branch are reviewed by at least two developers and pass automated build tests before being merged. What should they configure?" The correct answer is a branch policy in Azure Repos with a minimum number of reviewers and a build validation policy. Incorrect answers might involve setting up a release gate or configuring a service hook, which are relevant for deployment, not code merging.
Another pattern deals with pipeline agents. A question might state: "A company has security requirements that prevent using Microsoft-hosted agents. The pipeline needs to run on a Linux environment with specific dependencies. How should they configure the build pipeline?" The answer is to deploy a self-hosted agent on a Linux VM and register it with the Azure DevOps organization. Learners often confuse this with using a different pool of Microsoft-hosted agents or creating a container job.
Configuration-based questions ask you to interpret a YAML pipeline snippet. For example, they might show a pipeline with a typo in the trigger section, like "trigger: none" instead of "trigger: none" (but with incorrect indentation). The question would ask why the pipeline does not run automatically. Understanding YAML syntax and structure is essential.
Troubleshooting questions present a failure scenario. For instance: "A pipeline that deploys an Azure web app fails with an error that the resource group does not exist. The deployment was working previously. What is the most likely cause?" The answer could be that the service connection has expired or the permissions changed. Another common troubleshooting scenario involves secret variables. "A pipeline uses a variable named $(db_password) but the value is not available during runtime. What is wrong?" The answer is that secret variables must be explicitly marked as secret in the pipeline settings and cannot be used in some contexts like checkout tasks.
Multi-stage deployment scenarios are also common. A question might describe a release pipeline with development, staging, and production stages, with manual approval gates. The team wants to automatically deploy to development and staging after a build but require manual approval for production. The correct configuration would set auto-approve on the first two stages and add a pre-deployment approval gate on production.
Finally, integration questions ask about connecting Azure DevOps with other Azure services. For example: "A team wants to store Docker images built by their pipeline in a private repository. Which artifact type should they use?" The answer is Azure Container Registry, not Azure Artifacts (which does not store container images).
Practise Azure DevOps Questions
Test your understanding with exam-style practice questions.
Example Scenario
Imagine you are studying for the AZ-104 exam, and you face this scenario. A company called TechWidgets Inc. has a small development team building a web application for inventory management. They use a private Git repository in Azure Repos. The current process is that developers write code on their laptops, test it locally, and then manually copy the files to a test server via FTP. They then test again on the server, and if it works, they copy the files manually to the production server. This handoff is error-prone; sometimes they forget to copy a file, other times the production server has a different configuration file that gets overwritten accidentally.
The team leader wants to automate this process using Azure DevOps. The goal is that whenever a developer pushes code to the repository's 'main' branch, Azure DevOps should automatically build the application, run unit tests, and if successful, deploy the code to a test environment. After the test environment is verified, a manager should manually approve the release to production.
Using Azure DevOps, the team would create a YAML-based pipeline in Azure Pipelines. The pipeline would have two stages: 'Build and Test' and 'Deploy'. In the first stage, a job runs on a Microsoft-hosted agent that checks out the code from Azure Repos, runs 'npm install' and 'npm build', then runs unit tests with a framework like Jest. If the tests pass, the pipeline publishes artifact files (the built application) as a pipeline artifact. The second stage runs only if the first stage succeeds and after a manual approval gate is triggered by a manager. This stage downloads the artifact and deploys the application to an Azure App Service using the Azure Web App task.
The team also sets up a branch policy on the 'main' branch that requires the pipeline to succeed and at least one other developer to approve any pull request before merging. This ensures that all code on the main branch has been tested and reviewed.
Now, when a developer pushes a new feature to a feature branch, creates a pull request to main, the pipeline automatically runs on that branch to validate the merge. After the pull request is approved and merged, the main branch pipeline triggers, deploys to test, and waits for the manager's approval before going to production. This eliminates the error-prone manual steps and reduces deployment time from hours to minutes.
In the exam, you might be asked what type of trigger they should use, how to configure the approval, or what the artifact is used for. The scenario tests your understanding of pipeline structure, triggers, and release management.
Common Mistakes
Using the classic editor for all pipelines instead of YAML
YAML pipelines are the recommended approach because they are source controlled, easier to review, and more maintainable. The classic editor creates fixed pipelines that cannot be versioned. In exams, YAML is considered the modern standard.
Start with YAML pipelines. Learn basic YAML syntax for triggers, stages, jobs, and steps. Use the classic editor only for legacy systems or simple prototypes.
Confusing Azure DevOps with Azure DevOps Server (TFS)
Azure DevOps is a cloud SaaS service, while Azure DevOps Server is on-premises software. They have feature differences and different update cycles. Exams often distinguish between the two, and using the wrong term can indicate a misunderstanding.
When studying, note which version is being discussed. Most exam questions refer to the cloud version unless explicitly stating 'on-premises' or 'Azure DevOps Server'.
Thinking that service connections are the same as service principals
A service connection in Azure DevOps stores the credentials (like a service principal or managed identity) to connect to Azure resources. But the service connection itself is not the service principal; it is a reference. Setting up a service connection requires proper permissions on the Azure side.
Understand that service connections are created in Azure DevOps project settings. You need an Azure AD application (service principal) with contributor rights to the target subscription. The pipeline uses the connection, not direct credentials.
Assuming all variables can be used in all pipeline tasks
Secret variables are not automatically available in tasks that need them, especially in checkout tasks or when passing to scripts. They must be explicitly mapped as environment variables or passed as inputs.
Remember that secret variables in YAML are referenced as $(variableName) but for security, they are not stored in logs. In scripts, you may need to use the 'env' mapping to expose them.
Overlooking branch policies when setting up CI
Some learners think that running a pipeline on every push is enough, but without branch policies, a developer could merge broken code directly to main even if the pipeline fails.
Always configure branch policies on the main branch that require the pipeline to succeed and require pull request approvals. This enforces quality gates before code reaches main.
Exam Trap — Don't Get Fooled
{"trap":"In a scenario requiring the deployment of a web app using Azure Pipelines, learners often choose the 'Azure Web App for Containers' task even when the app is not containerized.","why_learners_choose_it":"The term 'Web App' appears in both 'Azure Web App' and 'Azure Web App for Containers'. Learners see 'container' as a modern buzzword and assume it is the better choice.
Also, if the scenario mentions 'Docker' or 'container', they jump to that task.","how_to_avoid_it":"Read the scenario carefully. If the application is a standard .NET or Node.js app deployed as code (not a Docker image), use the generic 'Azure Web App' task.
Use the container version only when the pipeline builds a Docker image and pushes it to a registry before deployment."
Commonly Confused With
GitHub Actions is a CI/CD tool tightly integrated with GitHub, whereas Azure DevOps is a broader platform that includes its own Git repos (Azure Repos), work tracking (Azure Boards), and test management. GitHub Actions only covers pipelines and is best for GitHub-hosted code. Azure DevOps can also integrate with GitHub repos, but it is a separate ecosystem.
If your code is on GitHub, you might use GitHub Actions directly. If your code is on Azure Repos or you need integrated project management, use Azure DevOps.
Jenkins is an open-source automation server that you install and manage yourself. It requires significant configuration, plugins, and maintenance. Azure DevOps Pipelines is a managed service that requires no infrastructure management. Jenkins offers more flexibility but more overhead. Azure DevOps pipelines are simpler for most Azure-centric environments.
A company with a complex on-premises environment might choose Jenkins for maximum control. A cloud-native startup would likely prefer Azure Pipelines for its simplicity and Azure integration.
AWS CodePipeline is a CI/CD service from Amazon, similar to Azure Pipelines. The main difference is the ecosystem. CodePipeline integrates natively with AWS services (CodeBuild, CodeDeploy, Lambda), while Azure Pipelines integrates with Azure services (App Service, Functions, Kubernetes). Conceptually they are identical, but the specific tasks and configuration differ. Exams on AWS will test CodePipeline, not Azure Pipelines.
If you are working in AWS, use CodePipeline. If in Azure, use Azure Pipelines. The concepts of source stage, build stage, and deploy stage are the same.
Bamboo is Atlassian's CI/CD server that integrates with Jira and Bitbucket. Azure DevOps is Microsoft's platform. Bamboo is on-premises or cloud (CloudFormation), but it is less popular than Azure DevOps. The main differences are ecosystem integration and pricing. Azure DevOps offers a free tier for small teams; Bamboo has a limited free tier.
A team already using Jira and Bitbucket might choose Bamboo for tighter integration. A team using Microsoft tools (Azure, Office 365) would prefer Azure DevOps.
Step-by-Step Breakdown
Create an Azure DevOps Organization
Start by signing into the Azure Portal or Azure DevOps website and creating an organization. This is the top-level container that holds all your projects, pipelines, and permissions. You can have multiple organizations for different business units or environments.
Create a Project and Import Code
Within the organization, create a new project. Choose a process template (Agile, Scrum, or CMMI) that defines work item types. Then, either push your code to a new Azure Repos Git repository or import an existing repository from GitHub or Bitbucket.
Set Up Branch Policies
Navigate to the repository settings and define branch policies for 'main' or 'master'. Enable requirements for a minimum number of reviewers, successful build (link to a pipeline), and linked work items. This prevents unverified code from being merged.
Create the Build Pipeline (YAML)
In Pipelines, create a new pipeline. Select your repository and then 'Starter pipeline' or 'Existing YAML file'. Write a YAML file with trigger on the main branch, a job that runs on 'ubuntu-latest', steps to install dependencies, run tests, and publish build artifacts. This compiles your code and runs checks.
Define Release Stages and Approvals
In the same YAML pipeline or a separate release pipeline, define stages (e.g., 'dev', 'staging', 'prod'). Add a manual approval gate before the production stage. This allows a human to verify before deploying to the live environment.
Create a Service Connection
In Project Settings, create a new service connection of type 'Azure Resource Manager'. Authenticate using your Azure account. This gives the pipeline permission to deploy resources to a specific subscription and resource group. Store the connection securely.
Deploy to Azure Resources
In the pipeline YAML, add deployment tasks (e.g., 'AzureWebApp@1' for web apps, 'AzureCLI@2' for custom scripts). Use the service connection to authenticate. Set deployment slots for zero-downtime deployments if using App Service.
Monitor and Automate Post-Deployment Tests
Add steps to run smoke tests after deployment (e.g., a curl command to check the homepage returns 200). If tests fail, the pipeline can automatically roll back to the previous version. Use Azure Monitor integration to get alerts.
Set Up Retention Policies
Configure artifact and pipeline run retention policies to automatically delete old builds and logs. This controls storage costs and maintains compliance. Set different retention for different branches or stages.
Enable Auditing and Reporting
Turn on auditing in the organization settings. Use Azure Boards widgets to create dashboards showing pipeline health, deployment frequency, and lead time. This helps teams measure their DevOps maturity.
Practical Mini-Lesson
Now let's dive into a practical mini-lesson that reflects what a real IT professional faces when using Azure DevOps daily. Imagine you are a DevOps engineer tasked with setting up a CI/CD pipeline for a microservices-based application that runs on Azure Kubernetes Service (AKS). Your application has three services: an API gateway, a user service, and an order service. Each service lives in a separate folder in a single repository (monorepo).
First, you need to decide on the repository structure. Using a monorepo is common, but it requires careful pipeline design. You will create a single YAML pipeline but with paths triggers. For example, you can write:
trigger: branches: include: - main paths: include: - services/api-gateway/* - services/user-service/* - services/order-service/*
This ensures that a change to any service folder triggers the pipeline. But you also need conditional logic to only build the changed service. You can use the 'changes' condition in YAML or use a script to detect changed folders. In practice, many teams use a single Dockerfile per service and a multi-stage build.
Next, you need to handle container image versioning. Never use the 'latest' tag for production. Instead, use a unique version based on the build ID and commit hash. For example, set a pipeline variable: imageTag=$(Build.BuildId)-$(Build.SourceVersion). Then, when building the Docker image, tag it with that variable and push to Azure Container Registry (ACR).
Now, consider security. Your pipeline will need to pull code from Azure Repos and push images to ACR. For this, you will use a service principal with appropriate roles. But you also need to store secrets like database connection strings for the services. You should use Azure Key Vault to store these secrets and link the vault to the pipeline using a Key Vault task. The pipeline can download secrets at runtime and inject them as environment variables or configuration files.
Another practical consideration is agent selection. Microsoft-hosted agents are convenient but have some limitations: they have a 6-hour timeout, limited disk space, and you cannot install custom software permanently. For AKS deployments, you might need tools like kubectl and Helm. Microsoft-hosted agents include these, but for custom requirements, you can create a self-hosted agent pool using a VM or a container. In production, many organizations use a dedicated VM for building to avoid resource contention.
What can go wrong? A common failure is when the agent cannot access the ACR because the service connection has expired or the permissions were removed. Always set up alerts for credential expiry. Another issue is pipeline slowness due to too many stages running sequentially. You can optimize by parallelizing jobs for independent services or using cache tasks for npm/Maven dependencies. For example, using the 'Cache@2' task to cache node_modules can reduce build time from minutes to seconds.
Finally, you must handle rollbacks. If a deployment to AKS fails, your pipeline should automatically roll back to the previous Helm release. You can implement this by using the Helm upgrade command with the --atomic flag, which automatically rolls back on failure. Alternatively, you can add manual approval gates for production and keep the previous version's artifacts for quick redeployment.
This mini-lesson shows that Azure DevOps is not just about clicking buttons; it involves a strategic approach to versioning, security, caching, and error handling. Professionals who master these details are highly valued.
Troubleshooting Clues
Pipeline fails with 'Access denied' to a repository
Symptom: Build or release pipeline stops with permission errors when checking out code from a Git repo.
The build service account (e.g., Project Collection Build Service) lacks read permissions on the repository. This is common when using cross-project repositories or custom security scopes.
Exam clue: In AZ-400, examinees must identify missing repo permissions for service connections or build identities.
Release pipeline fails to connect to an Azure Web App
Symptom: Error: 'An error occurred while sending the request' or 403 Forbidden when deploying to an Azure App Service.
The Azure service connection used in the pipeline has expired or the managed identity/permissions were revoked. Often due to outdated secrets or RBAC changes.
Exam clue: Exams commonly ask about service connection authentication failures, including SPN expiry or misconfigured roles.
Pipeline agent goes offline or stays idle
Symptom: Pipeline stays queued with no agent picking it up, or agent shows 'Offline' status.
The self-hosted agent cannot reach the Azure DevOps services due to firewall rules, proxy settings, or the agent service is stopped. Also check if the agent pool has sufficient capacity.
Exam clue: In AZ-400 and AZ-104, agents and agent pools are tested; symptoms like queued builds point to agent connectivity.
Work item field update not reflected in queries
Symptom: After updating a custom field via REST API or UI, a work item query returns old values or shows no change.
The query may be cached or the field update was made to a different project or work item type. Also possible that the field is read-only or not indexed correctly.
Exam clue: Exams test understanding of work item tracking and query limitations, especially with custom fields and process templates.
YAML pipeline has syntax error: 'Unexpected value'
Symptom: Pipeline fails at save with YAML parser errors, such as 'unexpected value' or 'mapping values are not allowed here'.
Indentation errors in YAML, often caused by mixing tabs and spaces or incorrect structure for stages/jobs. Azure DevOps YAML parser is strict.
Exam clue: AZ-400 often includes YAML validation questions; common traps are missing whitespace or invalid keywords like 'job' vs 'jobs'.
Artifact download fails with 'Package not found'
Symptom: Pipeline step fails when trying to download a package from Azure Artifacts, with error 'Package not found' or 'Feed not accessible'.
The package or feed name is incorrect, or the pipeline's service connection does not have read permissions on that artifact feed. Version mismatch also common.
Exam clue: Exams assess artifact feed management; troubleshooting package resolution is a frequent scenario.
Variable group values not being used in pipeline
Symptom: A YAML pipeline uses a variable group but the variables are empty or default values are used instead.
The variable group may be linked to a specific scope (e.g., pipeline, stage) and not accessible in the current job. Also, variable names might conflict or be overridden.
Exam clue: In AZ-400, variable groups' security and scope are tested; candidates must recognize scope-based failures.
Memory Tip
Think of Azure DevOps as 'CODE, PLAN, BUILD, TEST, RELEASE, MONITOR', the six stages of the DevOps lifecycle, all in one platform.
Learn This Topic Fully
This glossary page explains what Azure DevOps means. For a complete lesson with labs and practice, see the topic guide.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
Related Glossary Terms
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
A/B testing is a controlled experiment that compares two versions of a single variable to determine which one performs better against a predefined metric.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
An A record is a type of DNS resource record that maps a domain name to an IPv4 address.
Quick Knowledge Check
1.Which Azure DevOps component is used to store and manage build artifacts, NuGet packages, and Maven dependencies?
2.In a YAML pipeline, what keyword defines a collection of job steps that run sequentially on the same agent?
3.A developer wants to automatically trigger a pipeline when changes are pushed to the 'main' branch. Which YAML property should they configure?
4.What is the primary use case for Azure Test Plans?
5.You want to deploy a web app to multiple Azure regions using a release pipeline. Which deployment strategy minimizes downtime and allows immediate rollback?
6.Which Azure DevOps feature allows you to define security roles for a set of pipelines as a unit?
Frequently Asked Questions
Do I need to learn YAML to use Azure DevOps?
Yes, for modern Azure DevOps usage, YAML is the standard for defining pipelines. It is source-controlled and easier to review. The classic editor is still available but considered legacy for new projects.
Can I use Azure DevOps with non-Microsoft technologies?
Absolutely. Azure Pipelines supports Linux, macOS, and Windows agents. You can build Node.js, Python, Java, Go, and many other languages. It also integrates with Docker, Kubernetes, and cloud providers like AWS and Google Cloud.
What is the difference between a build pipeline and a release pipeline?
In Azure DevOps, these concepts have merged. A multi-stage YAML pipeline includes both build and release stages. The build stage compiles code and runs tests, while release stages deploy the artifacts to environments. You can have separate release pipelines, but YAML pipelines are preferred.
Is Azure DevOps free?
Azure DevOps offers a free tier for up to 5 users with unlimited private Git repos and 1,800 minutes of pipeline time per month. For larger teams and more minutes, paid plans are available. There is also a free tier for public projects.
What is a self-hosted agent and when should I use one?
A self-hosted agent is a machine you manage yourself that runs Azure DevOps pipeline jobs. You use it when you need specific software not available on Microsoft-hosted agents, need to run jobs on your network, or require more than 6 hours of build time.
Can I integrate Azure DevOps with GitHub?
Yes, Azure Pipelines can use GitHub repositories as a source. You can also set up branch policies on GitHub using Azure Pipelines status checks. Azure Boards integrates with GitHub issues and pull requests.
What is a service connection in Azure DevOps?
A service connection stores the credentials (like a service principal, PAT, or username/password) needed to connect to an external service such as Azure, Docker Hub, or a remote server. It is used by pipelines to authenticate and perform actions.
How do I handle secrets in Azure Pipelines?
Use secret pipeline variables marked with the 'secret' keyword in YAML. For better security, use Azure Key Vault and link it to your pipeline via the Key Vault task. Never hardcode secrets in YAML files.