This chapter covers DevOps practices and how they integrate with cloud concepts in Microsoft Azure. For the AZ-900 exam, understanding DevOps is part of Objective 1.5, which focuses on describing cloud service types and the shared responsibility model, but also touches on DevOps as a key driver for cloud adoption. This objective area carries approximately 10-15% of the exam weight. You will learn what DevOps is, how it differs from traditional IT operations, and how Azure DevOps and GitHub provide tools to implement continuous integration and continuous delivery (CI/CD). The chapter will also explain why DevOps is a cultural shift, not just a set of tools, and how it aligns with cloud benefits like agility and scalability.
Jump to a section
Imagine a busy restaurant kitchen that must serve hundreds of meals every evening without errors or delays. In a traditional kitchen, the head chef writes a recipe (code), hands it to a sous chef who preps ingredients (build), then a line cook cooks each dish (test), and finally a server delivers it (deploy). Any change to the recipe requires a full manual rework, and if the head chef is out sick, the workflow stops. This is like old-school software development where developers, testers, and operations teams work in silos with slow handoffs. Now consider a DevOps kitchen: the entire team collaborates on a digital recipe book (version control) that automatically triggers a prep station (continuous integration) to wash, chop, and marinate ingredients every time a new recipe is saved. A robotic arm (continuous delivery) then packages each dish into a sealed container (artifact) and holds it ready. When the dinner rush starts, a button press deploys all containers to the serving line (production) with zero changes to the recipe. The chef monitors real-time dashboards (Azure Monitor) showing which dishes are popular and which stations are overloaded, and can roll back to a previous recipe instantly if a new sauce causes complaints. This automated, collaborative pipeline is exactly how Azure DevOps enables teams to build, test, and release software faster and more reliably, with Azure Boards tracking work items like order tickets, Azure Repos storing code like recipe cards, and Azure Pipelines automating the cooking steps.
What is DevOps and Why Does It Matter?
DevOps is a combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity. The term comes from merging “development” (Dev) and “operations” (Ops). Traditionally, software development and IT operations were separate teams with conflicting goals: developers wanted to release new features quickly, while operations wanted stability and uptime. This caused friction, slow release cycles, and frequent deployment failures. DevOps breaks down these silos by promoting collaboration, automation, and monitoring across the entire application lifecycle—from planning and coding to testing, deployment, and operations.
For AZ-900, you need to know that DevOps is not a specific Azure service but a methodology that Azure supports through various tools. The exam may ask why an organization would adopt DevOps (e.g., faster time to market, improved reliability, better collaboration) and which Azure services enable DevOps practices (e.g., Azure DevOps, GitHub Actions, Azure Boards, Azure Pipelines).
How DevOps Works: The Core Principles
Culture of Collaboration: Developers and operations engineers work together throughout the lifecycle, sharing responsibility for the application’s performance and reliability.
Automation: Manual processes are automated to reduce errors and speed up delivery. This includes automated builds, tests, and deployments.
Continuous Integration (CI): Developers frequently merge their code changes into a shared repository, and each merge triggers an automated build and test process. This catches bugs early.
Continuous Delivery (CD): After CI, the code is automatically packaged and ready for deployment to production. The actual deployment may be manual or automated (continuous deployment).
Monitoring and Feedback: Systems like Azure Monitor and Application Insights provide real-time data on application health and user behavior, enabling rapid feedback and improvements.
Key Azure DevOps Services
Azure DevOps is a suite of services that provides end-to-end DevOps tooling. The exam expects you to recognize the main components:
Azure Boards: Agile planning and work tracking. Create user stories, tasks, and bugs, and visualize work with Kanban boards or Scrum sprints.
Azure Repos: Git repositories for source control. Supports both private and public repos with standard Git features.
Azure Pipelines: CI/CD service that builds, tests, and deploys code to any platform or cloud. It supports multiple languages and integrates with GitHub, Docker, Kubernetes, and more.
Azure Test Plans: Manual and exploratory testing tools. Create test plans, run tests, and track results.
Azure Artifacts: Package management for Maven, npm, NuGet, and Python. Host and share packages within your organization.
Additionally, GitHub Actions is another CI/CD tool that is tightly integrated with Azure. GitHub Actions allows you to automate workflows directly from your GitHub repository, and it can deploy to Azure services like App Service, Functions, and VMs.
Continuous Integration (CI) in Detail
CI is the practice of merging code changes into a shared mainline multiple times a day. Each integration is verified by an automated build and test process. Here’s the step-by-step mechanism:
A developer completes a feature on a branch and pushes the code to Azure Repos or GitHub.
Azure Pipelines detects the push (via a webhook) and triggers a pipeline defined in a YAML file or the classic editor.
The pipeline runs a series of tasks: restore dependencies, compile the code, run unit tests, and analyze code quality.
If any step fails, the team is notified immediately. The failed build is marked as broken, and the developer is expected to fix it quickly.
If all steps pass, the build produces artifacts (e.g., .exe, .jar, .zip) that are stored in Azure Artifacts or a file share.
Key benefits: Reduces integration problems, improves code quality, and provides rapid feedback.
Continuous Delivery (CD) in Detail
CD extends CI by automatically deploying all code changes to a testing or staging environment after the build stage. Continuous deployment goes further by automatically deploying to production. The typical CD pipeline:
After a successful CI build, the pipeline triggers a release stage that deploys the artifacts to a development environment.
Automated integration tests, performance tests, and security scans run against the deployed app.
If quality gates are passed, the release is promoted to staging, then production (either automatically or with manual approval).
The deployment uses strategies like blue-green (two identical environments, switch traffic) or canary (roll out to a subset of users) to minimize risk.
Azure Pipelines supports multi-stage YAML pipelines that define the entire CI/CD flow in code, enabling infrastructure as code for pipelines themselves.
Infrastructure as Code (IaC)
DevOps often goes hand-in-hand with IaC, where you manage and provision cloud resources through machine-readable definition files rather than manual configuration. Azure supports:
ARM Templates: JSON files that define Azure resources and their properties.
Bicep: A domain-specific language that simplifies ARM template authoring.
Terraform: A third-party tool that works with Azure and other clouds.
With IaC, you can version control your infrastructure, automate deployments, and ensure consistency across environments. For example, a single Bicep file can define a virtual network, subnets, VMs, and network security groups, and be deployed via Azure Pipelines.
On-Premises Equivalent vs. Azure DevOps
In an on-premises environment, teams typically used tools like Jenkins, TeamCity, or self-hosted Git servers. The operations team manually configured servers, installed dependencies, and deployed code via scripts or copy-paste. This was slow, error-prone, and required significant manual effort. Azure DevOps provides a managed, cloud-hosted alternative that scales automatically, integrates with other Azure services, and offers built-in security and compliance. You don’t need to manage build agents or infrastructure; Azure Pipelines provides hosted agents with pre-installed tools.
Azure Portal and CLI Touchpoints
To get started with Azure DevOps:
Go to the Azure Portal and search for “Azure DevOps organizations.” Create an organization if you don’t have one.
Inside the organization, create a project. Each project contains boards, repos, pipelines, test plans, and artifacts.
Use the Azure DevOps CLI (az devops) to manage projects, work items, and pipelines from the command line.
Example CLI commands:
# Login to Azure DevOps
az devops login --organization https://dev.azure.com/contoso
# Create a new project
az devops project create --name MyProject --process Agile
# List pipelines
az pipelines list --project MyProjectAlternatively, you can use the Azure CLI with the devops extension:
az extension add --name azure-devops
az devops configure --defaults organization=https://dev.azure.com/contoso project=MyProjectDevOps in the Cloud Context
Cloud computing accelerates DevOps by providing on-demand resources, self-service capabilities, and pay-as-you-go pricing. Azure’s global infrastructure allows you to spin up test environments quickly, scale production apps automatically, and monitor everything with built-in tools. The shared responsibility model also applies: while Azure secures the physical infrastructure, you are responsible for securing your code, pipelines, and secrets (e.g., using Azure Key Vault).
For AZ-900, remember that DevOps is a key reason organizations move to the cloud—it enables faster innovation and more reliable releases.
Create an Azure DevOps Organization
An Azure DevOps organization is the top-level container that holds all your projects, users, and resources. To create one, go to the Azure Portal and search for 'Azure DevOps organizations.' Click 'Create' and provide a name (e.g., contoso-devops) and select a region. You can also create an organization directly from the Azure DevOps portal (https://dev.azure.com). The organization is free for up to 5 users (basic plan) with unlimited private repos and build minutes (limited). Behind the scenes, Azure creates a new tenant that manages authentication via Azure AD. Once created, you can invite team members via their Microsoft accounts or Azure AD identities.
Create a Project with Agile Work Tracking
Inside your organization, create a new project. Choose a name, description, and visibility (public or private). Select a work item process: Basic, Agile, Scrum, or CMMI. For AZ-900, know that Agile is the most common for DevOps teams. The project will automatically provision Azure Boards with a backlog and board. You can then create user stories, tasks, and bugs. Azure Boards supports Kanban boards for visualizing workflow and sprint planning for timeboxed iterations. The project also creates an associated Git repository (Azure Repos) and a default pipeline area.
Set Up a Git Repository and Push Code
Azure Repos provides a Git repository for your project. You can clone it to your local machine using `git clone <repo-url>`. Add your application code (e.g., a .NET Core web app) and commit/push. For example: `git add .`, `git commit -m 'Initial commit'`, `git push origin main`. Azure Repos supports branch policies, pull requests, and code reviews. Each push triggers webhooks that can start a pipeline. You can also import code from GitHub or Bitbucket. The repository is private by default unless you set visibility to public.
Define a CI/CD Pipeline with YAML
In Azure Pipelines, you define a pipeline using a YAML file (azure-pipelines.yml) stored in your repo. The pipeline specifies triggers, build steps, test commands, and deployment jobs. For a simple .NET Core app, the YAML might look like: ```yaml trigger: - main pool: vmImage: 'ubuntu-latest' steps: - task: DotNetCoreCLI@2 displayName: 'Restore packages' inputs: command: 'restore' projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: 'Build' inputs: command: 'build' projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: 'Run tests' inputs: command: 'test' projects: '**/*.csproj' - task: DotNetCoreCLI@2 displayName: 'Publish' inputs: command: 'publish' publishWebProjects: true arguments: '--configuration Release --output $(Build.ArtifactStagingDirectory)' - task: PublishBuildArtifacts@1 inputs: PathtoPublish: '$(Build.ArtifactStagingDirectory)' ArtifactName: 'drop' ``` This pipeline runs on every push to main, restores dependencies, builds, tests, and publishes artifacts. Pipelines can deploy to multiple environments using stages and approvals.
Deploy to Azure with a Release Stage
After the CI build, add a deployment stage to the YAML pipeline to deploy to Azure. For example, to deploy to Azure App Service, use the AzureWebApp task: ```yaml - stage: Deploy jobs: - deployment: DeployWeb environment: 'production' strategy: runOnce: deploy: steps: - task: AzureWebApp@1 inputs: azureSubscription: 'Your-Azure-Service-Connection' appName: 'my-app-service' package: '$(Pipeline.Workspace)/drop/**/*.zip' ``` You must first create an Azure service connection (a secure link between Azure DevOps and your Azure subscription). The deployment can include approval gates, manual intervention, or automatic rollback. Azure Pipelines supports deployment to VMs, containers, Kubernetes, and more.
Scenario 1: E-Commerce Platform with Frequent Updates
A mid-sized e-commerce company wants to release new features every week instead of every quarter. Their legacy process involved manual builds, copy-paste deployments, and a dedicated ops team that worked overnight. They adopt Azure DevOps with GitHub for source control. The development team creates feature branches, opens pull requests, and automated builds run unit tests and code analysis. After approval, the code merges to main, triggering a CI pipeline that builds and runs integration tests. The CD pipeline then deploys to a staging environment where QA performs exploratory testing using Azure Test Plans. Once approved, a manual release to production uses a blue-green deployment strategy with Azure App Service deployment slots. This reduces release time from weeks to hours and catches bugs early. However, they initially misconfigured the YAML pipeline to deploy to production on every push, causing an outage. They learned to add environment approvals and deployment gates.
Scenario 2: Financial Services with Compliance Requirements
A bank needs to release regulatory updates quickly but must adhere to strict audit trails and separation of duties. They use Azure DevOps with Azure Boards to track work items linked to compliance requirements. All code changes require a pull request with at least two reviewers and passing security scans (SonarQube, OWASP). The CI pipeline runs static code analysis and dependency scanning. The CD pipeline deploys to a pre-production environment that mirrors production, where automated regression tests run. Deployment to production requires a manual approval from a security officer. All pipeline runs are logged, and Azure Artifacts store immutable build outputs with retention policies. The bank uses Azure Policy to enforce resource tagging and compliance. They also use Azure Key Vault to manage secrets, avoiding hard-coded credentials in the pipeline. A common pitfall is not rotating service connection secrets regularly, which they address with automated secret rotation.
Scenario 3: Startup with Limited Ops Team
A small startup with three developers wants to deploy a containerized microservices app to Azure Kubernetes Service (AKS). They have no dedicated operations team. They use GitHub Actions for CI/CD because it integrates seamlessly with their GitHub repos. Their workflow builds Docker images, pushes them to Azure Container Registry, and updates the AKS deployment using kubectl. They use Azure Monitor and Application Insights to get alerts on app performance. The startup saves costs by using Azure Pipelines free tier (1800 minutes/month) and AKS dev/test pricing. A common mistake is not setting up proper resource limits on containers, causing a single service to consume all cluster resources. They learned to define resource requests and limits in the Kubernetes manifests. The DevOps culture enables them to focus on features rather than infrastructure.
Objective 1.5: Describe Cloud Service Types and the Shared Responsibility Model
While Objective 1.5 primarily covers IaaS, PaaS, SaaS, and shared responsibility, the AZ-900 exam often includes questions that link these concepts to DevOps. For example, you may be asked: “Which cloud service model is best suited for a DevOps scenario where the team wants full control over the application but not the underlying hardware?” The answer is PaaS (e.g., Azure App Service) because it provides a platform for deploying code without managing OS patching, but you still manage the application. Another common question: “Which Azure service enables continuous integration and continuous delivery?” The answer is Azure Pipelines (part of Azure DevOps) or GitHub Actions.
Common Wrong Answers and Why Candidates Choose Them
Wrong: “Azure DevOps is a cloud service model like IaaS or PaaS.” Why chosen: Candidates confuse the term “service” in Azure DevOps with cloud service models. Reality: Azure DevOps is a set of tools, not a cloud service model. The exam tests the distinction between service models and supporting services.
Wrong: “DevOps eliminates the need for testing.” Why chosen: Candidates think automation means no manual testing. Reality: DevOps emphasizes automated testing but also includes manual exploratory testing (Azure Test Plans). Testing is not eliminated; it’s integrated.
Wrong: “Continuous delivery means every change goes to production automatically.” Why chosen: Candidates confuse continuous delivery with continuous deployment. Reality: Continuous delivery means code is always ready for production deployment, but the actual deployment may be manual. Continuous deployment automatically deploys to production.
Wrong: “GitHub Actions and Azure Pipelines are the same service.” Why chosen: Both are CI/CD tools. Reality: They are separate services. GitHub Actions is integrated with GitHub, while Azure Pipelines is part of Azure DevOps. They can work together but are not identical.
Specific Terms and Values That Appear Verbatim
Azure Boards: Work tracking with Kanban and Scrum.
Azure Repos: Git repositories.
Azure Pipelines: CI/CD.
Azure Test Plans: Manual and exploratory testing.
Azure Artifacts: Package management.
GitHub Actions: CI/CD from GitHub.
Continuous Integration (CI): Merge code changes frequently, automated build and test.
Continuous Delivery (CD): Automatically deploy to staging, manual approval for production.
Continuous Deployment: Automatic deployment to production.
Edge Cases and Tricky Distinctions
Shared responsibility in DevOps: You are responsible for securing your pipelines, code, and secrets. Azure secures the underlying infrastructure for Azure DevOps (e.g., build agents).
Azure DevOps vs. GitHub: Azure DevOps is a full suite; GitHub is a code hosting platform with Actions. The exam may ask which to use for a given scenario.
Infrastructure as Code: While not explicitly in Objective 1.5, it often appears in DevOps questions. Know that ARM templates and Bicep are IaC tools.
Memory Trick: The DevOps Decision Tree
When asked “Which Azure service for CI/CD?” → If they mention “Azure DevOps” → pick Azure Pipelines. If they mention “GitHub” → pick GitHub Actions. For work tracking → Azure Boards. For source control → Azure Repos or GitHub. For testing → Azure Test Plans. For packages → Azure Artifacts. Remember: DevOps is about people and process, not just tools.
DevOps combines development and operations to enable faster, more reliable software delivery through collaboration, automation, and monitoring.
Azure DevOps is a suite of services including Azure Boards, Repos, Pipelines, Test Plans, and Artifacts.
Continuous Integration (CI) automatically builds and tests code every time changes are merged into a shared repository.
Continuous Delivery (CD) ensures code is always ready for deployment, but may require manual approval before production release.
Infrastructure as Code (IaC) with ARM templates or Bicep allows you to manage Azure resources through version-controlled definition files.
Azure Pipelines supports multi-stage YAML pipelines that define CI/CD workflows in code, with deployment strategies like blue-green and canary.
GitHub Actions is an alternative CI/CD tool that integrates with GitHub and can deploy to Azure.
DevOps is a cultural shift, not just a toolset; it requires collaboration between developers and operations teams.
These come up on the exam all the time. Here's how to tell them apart.
Azure DevOps
Full suite: Boards, Repos, Pipelines, Test Plans, Artifacts
Integrated with Azure AD and Azure services
Supports classic editor and YAML pipelines
Built-in work tracking (Azure Boards)
Hosted agents with 1800 free minutes/month (per organization)
GitHub Actions
CI/CD only, no native work tracking (uses GitHub Issues)
Tightly integrated with GitHub repositories
YAML-based workflows only
Community marketplace with many pre-built actions
Free for public repositories; private repos get 2000 minutes/month (free tier)
Mistake
DevOps is just a set of tools like Azure DevOps.
Correct
DevOps is a cultural and process change that emphasizes collaboration, automation, and monitoring. Tools like Azure DevOps enable DevOps practices, but they are not DevOps itself.
Mistake
Continuous delivery and continuous deployment are the same thing.
Correct
Continuous delivery means every change is ready for production deployment but may require manual approval. Continuous deployment automatically deploys every change to production without manual intervention.
Mistake
You cannot use Azure DevOps with non-Microsoft technologies.
Correct
Azure Pipelines supports Linux, macOS, Windows, and many languages (Java, Python, Node.js, Go, etc.). It also integrates with Docker, Kubernetes, and third-party tools like Jenkins and SonarQube.
Mistake
DevOps eliminates the need for an operations team.
Correct
DevOps merges dev and ops roles, but operations tasks still exist (monitoring, incident response, capacity planning). The team now includes both developers and ops engineers working together.
Mistake
Azure DevOps is free for unlimited users.
Correct
Azure DevOps offers a free tier for up to 5 users with basic features. Beyond that, you need a paid plan (Basic or Basic + Test Plans). However, unlimited users can be added with Basic access for a fee.
Azure DevOps is a comprehensive set of tools for the entire DevOps lifecycle, including work tracking (Azure Boards), source control (Azure Repos), CI/CD (Azure Pipelines), testing (Azure Test Plans), and package management (Azure Artifacts). GitHub is primarily a code hosting platform with built-in CI/CD via GitHub Actions. While both offer Git repositories, Azure DevOps provides more integrated project management features. You can use both together—for example, host code on GitHub and use Azure Pipelines for CI/CD.
No, the AZ-900 exam does not require you to write YAML. However, you should understand that Azure Pipelines can be defined using YAML or a classic editor. The exam may test that YAML pipelines are stored as code in the repository, enabling version control and review.
In DevOps, you are responsible for the security of your code, build pipelines, and secrets (e.g., using Azure Key Vault). Microsoft is responsible for the security of Azure DevOps services (e.g., build agent infrastructure, data storage). This aligns with the cloud shared responsibility model: Azure secures the infrastructure; you secure your configurations and code.
Yes, Azure DevOps can deploy to on-premises servers using deployment groups or self-hosted agents. This is useful for hybrid scenarios where some workloads remain on-premises. Azure Pipelines can target any environment, not just Azure.
A build agent is a machine that runs the pipeline jobs. Azure provides Microsoft-hosted agents with pre-installed tools (Windows, Linux, macOS). You can also set up self-hosted agents on your own machines for more control or to access on-premises resources. The free tier includes a limited number of hosted agent minutes.
Cloud computing enables DevOps by providing on-demand resources for build and test environments, auto-scaling for production, and managed services that reduce operational overhead. Azure’s global infrastructure allows teams to deploy to multiple regions quickly. The pay-as-you-go model supports experimentation without upfront costs.
Continuous delivery (CD) means that every code change is built, tested, and ready to be released to production, but the actual deployment requires manual approval. Continuous deployment goes further: every change that passes all stages is automatically deployed to production without human intervention. Both rely on a robust CI pipeline.
You've just covered DevOps and Cloud Concepts — now see how well it sticks with free AZ-900 practice questions. Full explanations included, no account needed.
Done with this chapter?