Azure Pipelines Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Developer Tools

1. Introduction

Azure Pipelines is Microsoft’s continuous integration and continuous delivery (CI/CD) service in Azure DevOps. It automates building, testing, and delivering software so teams can ship changes reliably and repeatedly—without manual steps.

In simple terms: you connect your code repository, define how to build and test it, and Azure Pipelines runs those steps on agents (Microsoft-hosted or self-hosted). You get consistent builds, test results, and deployable artifacts every time a developer commits code or opens a pull request.

Technically, Azure Pipelines is a pipeline orchestration service that executes jobs (scripts and tasks) on build agents, supports multi-stage workflows (build → test → deploy), integrates with Azure Repos/GitHub/other Git providers, and can deploy to many targets (Azure services, Kubernetes, VMs, on-prem environments). It provides identity-aware access controls, approvals, auditability, and integrations with the broader Azure ecosystem.

What problem it solves: turning code changes into validated, deployable outputs (and optionally deployments) in a repeatable, secure, and observable way—reducing risk, speeding delivery, and standardizing engineering practices.

Naming/status note: Azure Pipelines is the current name and is actively supported as part of Azure DevOps Services (cloud/SaaS) and Azure DevOps Server (self-hosted/on-prem). This tutorial focuses primarily on Azure DevOps Services unless noted otherwise.

2. What is Azure Pipelines?

Official purpose: Azure Pipelines provides CI/CD automation to build, test, and deploy code from version control to any target environment.

Core capabilities

Continuous integration (CI): Automatically build and test on commits and pull requests.
Continuous delivery/deployment (CD): Promote artifacts across environments (dev/test/stage/prod) with controls like approvals and checks.
Multi-platform execution: Run builds on Windows, Linux, and macOS agents (availability depends on agent type and Microsoft-hosted images).
Language/tool support: Works with .NET, Java, Node.js, Python, Go, containers, and more via built-in tasks and scripts.
Artifacts and traceability: Publish artifacts, link work items, and keep logs for audit and troubleshooting.

Major components

Azure DevOps organization → top-level container for projects, users, policies.
Project → contains repos, pipelines, artifacts, boards, etc.
Pipeline → the automated workflow definition (YAML or classic UI).
Stages / Jobs / Steps → structure of work to execute (conceptual even if created via classic editor).
Agents & agent pools
Microsoft-hosted agents: ephemeral agents provided by Microsoft.
Self-hosted agents: your own machines/VMs/runners in your network.
Service connections → secure connections from pipelines to external systems (e.g., Azure subscription, container registry).
Environments → logical deployment targets with checks/approvals (commonly used in multi-stage pipelines).

Service type and scope

Service type: Managed CI/CD orchestration (SaaS) under Azure DevOps Services; also available for Azure DevOps Server (self-hosted).
Scope model: Typically organization → project → pipeline. Permissions and policies are applied at these scopes.
Regional/global considerations: Azure DevOps Services is a globally available SaaS with organization-level data residency/geo considerations (verify specifics in official docs for your org region). Agent execution location differs by Microsoft-hosted agent pool region and your self-hosted placement.

Fit in the Azure ecosystem

Azure Pipelines is a core part of Azure Developer Tools and integrates tightly with: – Azure Repos (Git hosting), Azure Artifacts (package feeds), Azure Boards (work tracking) – Azure Resource Manager, Azure CLI, and common Azure deployment targets (App Service, AKS, Functions, VMs, etc.) – Microsoft Entra ID (Azure AD) for identity and governance

Official overview docs:
https://learn.microsoft.com/azure/devops/pipelines/?view=azure-devops

3. Why use Azure Pipelines?

Business reasons

Faster release cycles with less risk: Automated validation reduces regressions and speeds feedback.
Consistency and standardization: Shared pipelines and templates reduce “works on my machine” issues.
Traceability: Logs, artifacts, approvals, and linked work items help audits and incident reviews.

Technical reasons

Flexible execution model: Choose Microsoft-hosted for convenience or self-hosted for network access/special tooling.
Broad integration surface: Built-in tasks plus scripts enable most build/deploy workflows.
Multi-stage pipelines: Model environments and promotions with approvals and checks.

Operational reasons

Repeatable deployments: Reduce manual runbooks.
Visibility: Central run history, test reporting, artifact retention, and pipeline analytics (capabilities vary; verify in official docs for your org).
Scales with team size: Agent pools and parallelism allow throughput increases.

Security/compliance reasons

Granular permissions: Control who can edit pipelines, approve deployments, and manage service connections.
Secret handling: Use secret variables, variable groups, secure files, and integrations like Azure Key Vault (commonly used pattern).
Auditability: Azure DevOps provides auditing capabilities (verify configuration and availability in official docs).

Scalability/performance reasons

Parallelism: Multiple jobs can run simultaneously with additional parallel job capacity.
Agent choice: Scale self-hosted agents with VM scale sets/containers (architecture-dependent).

When teams should choose Azure Pipelines

Choose Azure Pipelines when: – You already use Azure DevOps (Repos/Boards/Artifacts) and want an integrated CI/CD platform. – You need hybrid builds/deployments that access private networks (self-hosted agents). – You want strong Azure-native deployment patterns and enterprise governance.

When teams should not choose Azure Pipelines

Consider alternatives when: – Your engineering workflow is standardized on GitHub Actions and you don’t need Azure DevOps features. – You require a fully self-managed pipeline engine with deep customization and plugin ecosystems (e.g., Jenkins) and accept operational overhead. – You must run CI/CD entirely inside a disconnected environment where Azure DevOps Services cannot be used (then consider Azure DevOps Server or self-managed tools).

4. Where is Azure Pipelines used?

Industries

Software/SaaS, finance, healthcare, retail, manufacturing, telecom, public sector—anywhere repeatable builds and controlled releases matter.

Team types

DevOps and platform engineering teams standardizing delivery
Product teams delivering microservices and front ends
SRE/operations teams automating infrastructure and release processes
Regulated industry teams requiring approvals and audit trails

Workloads

.NET applications (common), Java services, Node.js APIs, Python services
Containerized microservices and Kubernetes workloads
Infrastructure as Code (IaC) deployments (Bicep/Terraform—verify your org’s standards)
Mobile apps (agent/tooling dependent; verify supported macOS builds if needed)

Architectures

Monoliths and microservices
Multi-repo or mono-repo approaches
GitFlow, trunk-based development, release branches with environments

Real-world deployment contexts

Deploying to Azure App Service/Functions/AKS
Deploying to on-prem IIS/VMs via self-hosted agents
Building containers and pushing to registries (ACR or others)

Production vs dev/test usage

Dev/test: fast feedback, PR validation, ephemeral environments
Production: gated releases, approvals, environment checks, formal change management integrations

5. Top Use Cases and Scenarios

Below are realistic, commonly implemented scenarios with Azure Pipelines.

1) Pull request validation (CI)

Problem: PRs merge with failing tests or broken builds.
Why Azure Pipelines fits: PR triggers run builds/tests automatically and report status back to the PR.
Example: Every PR to main runs unit tests and blocks merge on failure.

2) Multi-stage promotion (dev → test → prod)

Problem: Manual promotions cause drift and inconsistent releases.
Why it fits: Multi-stage pipelines model environments, approvals, and artifact promotion.
Example: Build once, deploy the same artifact to dev, then promote to prod after approval.

3) Build and publish deployable artifacts

Problem: Teams can’t reproduce builds or don’t know what was deployed.
Why it fits: Pipeline artifacts/build artifacts provide versioned outputs tied to a run.
Example: Publish a ZIP/package and store it with retention policies.

4) Container CI (build image + scan + push)

Problem: Container images are built inconsistently and lack traceability.
Why it fits: Pipelines can build, run tests, run security scans (tool-dependent), and push to a registry.
Example: Build and tag images with commit SHA, push to Azure Container Registry.

5) Infrastructure as Code (IaC) validation and deployment

Problem: Infrastructure changes break environments.
Why it fits: Run lint/plan/what-if checks, then deploy with approvals.
Example: Run an ARM/Bicep “what-if” on PR and apply only after approval.

6) Deploy to private networks using self-hosted agents

Problem: Microsoft-hosted agents can’t reach private endpoints/on-prem.
Why it fits: Self-hosted agents run inside your network with outbound-only connectivity to Azure DevOps.
Example: Deploy to an on-prem SQL Server or internal Kubernetes cluster.

7) Scheduled builds (nightly regression)

Problem: Regressions are discovered late.
Why it fits: Scheduled triggers run nightly or weekly test suites.
Example: Nightly integration tests against a staging environment.

8) Release orchestration with approvals and checks

Problem: No governance over production deployments.
Why it fits: Approvals and checks can enforce change control.
Example: Require security review approval before production deployment stage.

9) Multi-repo dependency builds

Problem: Services depend on shared libraries and need coordinated builds.
Why it fits: Pipelines can reference multiple repos and trigger dependencies (implementation varies; verify best approach in docs).
Example: Build shared library, publish package, downstream service consumes it.

10) Cross-platform builds (Windows + Linux)

Problem: Builds only validated on one OS.
Why it fits: Run jobs on different agent OS images and compare results.
Example: Test a .NET library on Windows and Linux.

11) Security and compliance reporting

Problem: Teams need auditable release evidence.
Why it fits: Pipeline run logs, artifact traceability, and approvals form evidence.
Example: Export run history for audit and link to work items.

12) Monorepo selective builds

Problem: Every commit triggers expensive builds for unrelated components.
Why it fits: Use path filters/conditional jobs (capabilities depend on YAML/classic features; verify in docs).
Example: Only build the src/api folder when it changes.

6. Core Features

1) YAML pipelines and classic pipelines

What it does: Define pipelines as code (YAML) or configure via UI (classic editor).
Why it matters: YAML enables versioning and code review; classic can be simpler for beginners or legacy teams.
Practical benefit: Repeatable pipeline definitions, easier collaboration.
Caveat: Microsoft generally recommends YAML for modern workflows; classic remains supported but may not expose every newer feature equally. Verify current guidance in docs.

2) Microsoft-hosted and self-hosted agents

What it does: Executes pipeline jobs on hosted VMs/containers (Microsoft-hosted) or your infrastructure (self-hosted).
Why it matters: Choice impacts cost, performance, and network access.
Practical benefit: Hosted = minimal ops; self-hosted = access private resources, custom tools, predictable performance.
Caveat: Microsoft-hosted agents are ephemeral with some restrictions (no inbound connectivity, limited customization). Self-hosted agents require patching, scaling, and securing.

3) Parallel jobs and scalability controls

What it does: Run multiple jobs concurrently across agent pools.
Why it matters: CI speed and throughput depend on parallelism.
Practical benefit: Faster feedback by splitting tests/builds.
Caveat: Parallelism is a licensing/capacity dimension (see pricing section); self-hosted scaling is your responsibility.

4) Built-in tasks and extensibility

What it does: Provides a marketplace of tasks and built-in steps for building, testing, packaging, deploying, and scripting.
Why it matters: Reduces custom scripting.
Practical benefit: Faster pipeline authoring and standardization.
Caveat: Marketplace extensions introduce supply-chain risk; vet publishers and versions.

5) Triggers (CI, PR, scheduled, and more)

What it does: Automatically starts runs based on repo events or schedules.
Why it matters: Ensures validation happens consistently.
Practical benefit: PR validation and scheduled regression builds.
Caveat: Trigger behavior differs between YAML and classic; verify exact trigger support for your pipeline type.

6) Artifacts (Pipeline artifacts / build artifacts)

What it does: Stores outputs from a run (packages, zips, binaries) for download and deployment.
Why it matters: Enables “build once, deploy many” and traceability.
Practical benefit: Promotions use identical artifacts across environments.
Caveat: Artifact retention and storage quotas/limits apply; verify org settings.

7) Environments, approvals, and checks

What it does: Model deployment targets and enforce controls before deployments.
Why it matters: Governance and safe releases.
Practical benefit: Manual approvals, business hours checks, or other controls (depending on your setup).
Caveat: Some checks require specific configuration and permissions; verify per environment.

8) Variable groups, secret variables, and secure files

What it does: Centralize configuration, store secrets (as secret variables), and manage secure files (certs, provisioning profiles).
Why it matters: Keeps sensitive data out of source control.
Practical benefit: Reuse config across pipelines safely.
Caveat: Secrets still require careful access control; avoid exposing them in logs.

9) Service connections (Azure, containers, Kubernetes, etc.)

What it does: Defines authenticated connections to external services.
Why it matters: Enables deployments without embedding credentials in code.
Practical benefit: Central governance of credentials and scope.
Caveat: Mis-scoped service connections are a common security issue; use least privilege.

10) Test reporting and code coverage publishing

What it does: Publishes test results and optionally code coverage to the pipeline run summary.
Why it matters: Fast feedback, quality gates, and trends.
Practical benefit: Easy visibility into failures.
Caveat: Exact formats supported depend on test framework and tasks used.

11) Templates and reuse (primarily YAML)

What it does: Share pipeline building blocks across repos.
Why it matters: Standardization and maintainability.
Practical benefit: Centralized best practices at scale.
Caveat: Template governance requires versioning strategy and change control.

12) Integration with Azure DevOps suite

What it does: Links pipelines with Boards, Repos, Artifacts, dashboards, and permissions.
Why it matters: End-to-end DevOps workflow in one platform.
Practical benefit: Traceability from work item → commit → build → deployment.
Caveat: Cross-project and cross-org traceability needs explicit configuration.

7. Architecture and How It Works

High-level service architecture

Azure Pipelines consists of: – Control plane (Azure DevOps Services): Stores pipeline definitions, queues jobs, manages permissions, logs, and artifacts. – Execution plane (agents): Runs your pipeline jobs. Agents poll Azure DevOps for queued jobs and execute steps. – Integrations: Repos, artifact storage, test reporting, and deployment targets.

Request/data/control flow (typical CI run)

Developer pushes code to a repo (Azure Repos Git or external Git).
A trigger starts a pipeline run.
Azure DevOps queues a job to an agent pool.
An agent picks up the job, checks out code, runs tasks/scripts.
Agent streams logs back to Azure DevOps.
Outputs (artifacts/test results) are published to Azure DevOps storage.
Optional: downstream stages deploy artifacts to environments.

Integrations with related services

Common integrations include: – Azure Repos / GitHub: source triggers, PR validation. – Azure Artifacts: publish and consume packages (NuGet, npm, Maven, etc.). – Azure Key Vault: retrieve secrets at run time (commonly via variable groups/tasks—verify current recommended approach). – Azure Resource Manager / Azure CLI: deploy infrastructure and apps. – Container registries (ACR/Docker Hub): build and push images. – Kubernetes (AKS/on-prem): deploy manifests/Helm. – Microsoft Entra ID: identity and access governance.

Dependency services

A Git repository (Azure Repos or external)
Agents (Microsoft-hosted or self-hosted)
Optional: Azure subscription and service connections for deployments
Optional: artifact/package feeds

Security/authentication model (conceptual)

Users authenticate via Entra ID/Microsoft accounts into Azure DevOps.
Pipelines access resources through:
Service connections (service principal, federated credentials, or other auth methods—verify the current recommended authentication method in official docs)
Pipeline identities and permissions within Azure DevOps
Secrets stored as secret variables/variable groups and accessed at runtime
Agents connect to Azure DevOps over HTTPS and use agent registration tokens/credentials (implementation differs by agent type and setup).

Networking model

Microsoft-hosted agent: runs in Microsoft-managed network; reaches public endpoints; cannot directly access your private VNet unless you expose endpoints publicly (not recommended) or use alternative patterns.
Self-hosted agent: placed inside your network/VNet; makes outbound connections to Azure DevOps; can reach private resources directly.

Monitoring/logging/governance considerations

Run logs: full step-by-step logs per job, downloadable.
Test results: reported to the run summary when published.
Auditing: Azure DevOps provides audit logs for key events (verify availability and retention).
Governance: use branch policies, required reviews, restricted pipeline edits, and protected environments.

Simple architecture diagram (Mermaid)

flowchart LR
  Dev[Developer] -->|Push/PR| Repo[Git Repo<br/>(Azure Repos or GitHub)]
  Repo -->|Trigger| ADO[Azure DevOps<br/>Azure Pipelines]
  ADO -->|Queue job| Pool[Agent Pool]
  Pool --> Agent[Agent<br/>(Microsoft-hosted or self-hosted)]
  Agent -->|Build/Test| Agent
  Agent -->|Publish logs/results| ADO
  Agent -->|Publish artifact| Artifacts[Pipeline/Build Artifacts]
  Artifacts --> Consumer[Download or Deploy]

Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph Org[Azure DevOps Organization]
    subgraph Proj[Project]
      Repos[Azure Repos]
      Pipelines[Azure Pipelines]
      Envs[Environments<br/>Dev/Test/Prod]
      Artif[Artifacts Storage]
      Sec[Service Connections<br/>+ Variable Groups]
    end
  end

  Devs[Developers] -->|Commit/PR| Repos
  Repos -->|CI Trigger| Pipelines

  subgraph Agents[Execution]
    Hosted[Microsoft-hosted Agents]
    Self[Self-hosted Agents<br/>in VNet/on-prem]
  end

  Pipelines -->|Jobs| Hosted
  Pipelines -->|Jobs| Self

  Hosted -->|Build/Test| Hosted
  Self -->|Build/Test/Deploy| Self

  Hosted -->|Publish| Artif
  Self -->|Publish| Artif

  Pipelines -->|Deploy stages| Envs
  Envs -->|Controlled by approvals/checks| Envs

  Sec --> Pipelines

  subgraph Targets[Deployment Targets]
    Azure[Azure Services<br/>(App Service/AKS/Functions)]
    OnPrem[On-prem/Private Services]
  end

  Envs --> Azure
  Envs --> OnPrem
  Self -->|Private access| OnPrem

8. Prerequisites

Account/subscription/project requirements

An Azure DevOps organization (Azure DevOps Services): https://dev.azure.com/
An Azure DevOps project where you can create repos and pipelines
Optional: an Azure subscription if you will deploy to Azure resources

Permissions / IAM

At minimum, you typically need: – Permission to create and edit pipelines in the project – Permission to queue builds – If using Azure Repos: permission to read/commit to the repository – If deploying: permission to create/manage service connections (or use an existing approved service connection)

Exact permission names vary by Azure DevOps security model (project-level groups like Project Administrators, Build Administrators, etc.). Verify in official docs: https://learn.microsoft.com/azure/devops/organizations/security/?view=azure-devops

Billing requirements

Azure DevOps Services may require a billing setup depending on your organization, parallel jobs usage, and whether you purchase additional capacity.
If deploying to Azure resources, you need an Azure subscription with a payment method.

CLI/SDK/tools (for this lab)

Git: https://git-scm.com/downloads
.NET SDK (for the sample app): https://dotnet.microsoft.com/download
A code editor (VS Code recommended): https://code.visualstudio.com/

Optional tools (not required for the classic UI lab): – Azure CLI: https://learn.microsoft.com/cli/azure/install-azure-cli – Azure DevOps CLI extension: https://learn.microsoft.com/azure/devops/cli/?view=azure-devops

Region availability

Azure DevOps Services is SaaS; availability is global, but your organization’s region/geo may matter for compliance and data residency. Verify in official docs for your org.

Quotas/limits (high-level)

Parallel job limits depend on purchased/free capacity.
Retention limits apply to logs and artifacts (org settings).
Microsoft-hosted agent timeouts and resource constraints apply. Because limits change, verify current limits in official docs: https://learn.microsoft.com/azure/devops/pipelines/agents/hosted?view=azure-devops

Prerequisite services

For the core CI lab in this article: – Azure DevOps Services + Azure Repos (or any connected Git repo) No Azure resources are required unless you choose to extend into deployments.

9. Pricing / Cost

Azure Pipelines pricing is tied to Azure DevOps Services licensing and is primarily based on parallel jobs and agent type.

Pricing dimensions (what you pay for)

Common pricing dimensions include: – Microsoft-hosted parallel jobs: Capacity to run jobs concurrently on Microsoft-hosted agents (time/minutes and concurrency rules can apply—verify current model). – Self-hosted parallel jobs: Concurrency capacity for self-hosted agents (you provide the compute). – Additional Azure DevOps users/features: Azure DevOps has separate user licensing considerations (Basic, Basic + Test Plans, etc.), depending on your org needs.

Official pricing page (verify current details):
https://azure.microsoft.com/pricing/details/devops/azure-devops-services/

Official licensing/concurrency guidance (verify current details):
https://learn.microsoft.com/azure/devops/pipelines/licensing/concurrent-jobs?view=azure-devops

Free tier (what’s commonly available)

Azure Pipelines typically includes some free capacity (often at least limited parallel job access), and public/open-source projects have special considerations. Because free-tier details can change, confirm in: – Pricing page above – Concurrency jobs documentation above

Cost drivers

Direct and indirect drivers: – Number of parallel jobs (how many builds you want running at once) – Build frequency and duration (long tests, slow restores, large repos) – Agent type – Microsoft-hosted: you pay for hosted capacity per pricing model – Self-hosted: you pay for the underlying compute (VMs), storage, and maintenance – Artifact storage and retention (large artifacts + long retention) – Network egress (especially self-hosted agents downloading dependencies from the internet or pushing artifacts to external systems) – Third-party tools (security scanners, SaaS integrations, marketplace extensions)

Hidden or indirect costs to watch

Self-hosted agent operations: patching, scaling, backup, monitoring, incident response
Build cache misses: repeated dependency downloads (NuGet/npm/Maven) increase runtime and bandwidth
Over-retention: keeping artifacts/logs forever can cause storage growth (subject to org limits)
Secret sprawl: unmanaged secrets can lead to security incidents with real cost

Network/data transfer implications

Microsoft-hosted agents pull source and dependencies over the public internet.
Self-hosted agents in Azure may incur:
Egress to the internet for dependency downloads
Inter-region traffic if your resources are in different regions
Deployments to Azure are typically internal to Azure but still can cross regions and boundaries depending on architecture.

How to optimize cost (practical)

Right-size parallelism: Start with minimal concurrency and increase as bottlenecks appear.
Shorten pipeline duration: split test suites, use incremental builds, avoid unnecessary steps.
Use caching where appropriate: pipeline caching for dependencies can reduce repeated downloads (feature availability depends on pipeline type and configuration; verify in docs).
Reduce artifact size: publish only what you need; compress; avoid publishing build intermediates.
Set retention policies: keep fewer runs/artifacts for feature branches.
Prefer self-hosted for private network access when Microsoft-hosted would require insecure exposure—cost can be lower at scale, but ops overhead increases.

Example low-cost starter estimate (no fabricated numbers)

A low-cost starter setup commonly looks like: – 1 pipeline for CI – Use included/free parallel job capacity (if available for your org) – Keep artifact retention short (e.g., days/weeks) – Minimal external integrations

Because Microsoft’s free minutes/parallel job entitlements and paid tiers can change, use: – Azure DevOps pricing page: https://azure.microsoft.com/pricing/details/devops/azure-devops-services/ – Azure Pricing Calculator: https://azure.microsoft.com/pricing/calculator/

Example production cost considerations

For production, plan for: – Multiple teams → multiple pipelines and increased concurrency needs – Separate pipelines for PR validation, main branch CI, and deployments – Self-hosted agents for private deployments (cost = VM + storage + ops) – Longer retention for audit/compliance (more storage) – Security scanning steps (longer runtime, possible third-party licensing)

10. Step-by-Step Hands-On Tutorial

This lab creates a real CI pipeline using Azure Pipelines with the classic editor (UI-based). YAML pipelines are widely used in production, but this approach is fully executable while keeping the tutorial copy/paste-friendly without embedding pipeline-definition files.

Objective

Build and test a small .NET application on every commit, publish test results, and publish a build artifact using Azure Pipelines.

Lab Overview

You will: 1. Create an Azure DevOps project and Git repository. 2. Create a simple .NET solution locally and push it to Azure Repos. 3. Create a classic Azure Pipeline (build pipeline) using Microsoft-hosted agents. 4. Configure tasks: install .NET SDK, restore, build, test, publish artifacts. 5. Enable CI trigger. 6. Run and validate results. 7. Clean up resources.

Expected cost

For many orgs, this lab can run within included/free Azure Pipelines capacity. If your org has no free hosted capacity remaining, you may need to enable billing or use a self-hosted agent. Always verify your org’s parallel job availability.

Step 1: Create an Azure DevOps organization and project

Open Azure DevOps: https://dev.azure.com/
Sign in with your Microsoft account or your organization account.
Create an Organization (if you don’t already have one).
Create a New Project: – Project name: pipelines-lab – Visibility: Private (recommended for general lab work)

Expected outcome: You land in the new project overview page and can access Repos and Pipelines from the left navigation.

Verification: – Go to Project settings → confirm you can see settings (if not, you may lack admin permissions).

Step 2: Create a repo and push a sample .NET app

You’ll create a minimal app and unit test locally, then push to Azure Repos.

2.1 Create the repo in Azure Repos

In the project, go to Repos → Files.
If prompted, initialize the repo with a README (optional but convenient).

Copy the clone URL: – Repos → Clone → copy the HTTPS URL.

2.2 Create the app locally

On your machine:

mkdir azure-pipelines-lab
cd azure-pipelines-lab

dotnet new sln -n PipelinesLab

dotnet new classlib -n PipelinesLab.Core
dotnet new xunit -n PipelinesLab.Tests

dotnet sln PipelinesLab.sln add PipelinesLab.Core/PipelinesLab.Core.csproj
dotnet sln PipelinesLab.sln add PipelinesLab.Tests/PipelinesLab.Tests.csproj

dotnet add PipelinesLab.Tests/PipelinesLab.Tests.csproj reference PipelinesLab.Core/PipelinesLab.Core.csproj

Add a small piece of code to test.

Create a file PipelinesLab.Core/Calculator.cs:

namespace PipelinesLab.Core;

public static class Calculator
{
    public static int Add(int a, int b) => a + b;
}

Edit the generated test file (for example, PipelinesLab.Tests/UnitTest1.cs) to:

using PipelinesLab.Core;
using Xunit;

namespace PipelinesLab.Tests;

public class UnitTest1
{
    [Fact]
    public void Add_Works()
    {
        Assert.Equal(5, Calculator.Add(2, 3));
    }
}

Run tests locally:

dotnet test

Expected outcome: Tests pass locally.

2.3 Push to Azure Repos

Initialize git and push:

git init
git add .
git commit -m "Initial commit: .NET solution with tests"

Add your Azure Repos remote (use the HTTPS clone URL you copied):

git remote add origin <YOUR_AZURE_REPOS_HTTPS_URL>
git branch -M main
git push -u origin main

Expected outcome: Code appears in Repos in the Azure DevOps project.

Verification: – In Azure DevOps → Repos → browse files and confirm PipelinesLab.sln exists.

Common error and fix: – If authentication fails, use Git Credential Manager and sign in, or create a PAT (Personal Access Token) per official guidance: https://learn.microsoft.com/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate

Step 3: Create a classic Azure Pipeline (build pipeline)

In Azure DevOps, go to Pipelines.
Choose New pipeline.
Select Azure Repos Git and choose your repo.
Look for the option Use the classic editor (UI-based).
– If you don’t see it, the UI may differ by update/permissions. Verify in official docs for classic pipelines availability.
In the classic editor: – Select a template: start with an empty job or a .NET template if available. – Agent pool: select Azure Pipelines (Microsoft-hosted). – Agent specification: pick a Windows or Ubuntu image that supports the .NET SDK you need (the UI shows available options).

Expected outcome: You see a pipeline with at least one job and can add tasks.

Verification: – Confirm the pipeline is associated with the correct repository and default branch (main).

Step 4: Add tasks (restore, build, test, publish)

In the classic pipeline editor, add tasks in this approximate order.

Task names in the UI may vary slightly over time. Use the task search box and verify task publisher is Microsoft when possible.

4.1 Install .NET SDK (if needed)

Add a task to install/use a specific .NET SDK version: – Task commonly called Use .NET Core or Use .NET SDK (naming varies).

Configure: – Version: choose a supported LTS (verify your target version) – Installation path: default

Expected outcome: Agent has the required .NET SDK available.

4.2 Restore

Add a .NET Core or DotNet command task: – Command: restore – Projects: PipelinesLab.sln

Expected outcome: Dependencies restore successfully.

4.3 Build

Add a .NET build task: – Command: build – Projects: PipelinesLab.sln – Arguments: --configuration Release

Expected outcome: Solution builds.

4.4 Test with results

Add a .NET test task: – Command: test – Projects: PipelinesLab.sln – Arguments: --configuration Release

To publish test results, you may: – Enable “Publish test results” inside the test task (if available), or – Add a separate Publish Test Results task configured for the output format your runner produces.

Expected outcome: Tests run and results are visible in the pipeline run summary.

4.5 Publish an artifact

Add a task to copy outputs to the staging directory (often optional depending on task behavior), then publish.

Common approach: 1. Add a file copy task: – Source folder: repository root or specific output path – Target folder: $(Build.ArtifactStagingDirectory) 2. Add Publish Build Artifacts task: – Path to publish: $(Build.ArtifactStagingDirectory) – Artifact name: drop

Expected outcome: The run produces an artifact named drop.

Verification: – Ensure you are copying the right build output. For .NET class libraries, outputs are under bin/Release/.... You can also publish the entire repo for demonstration, but it’s not recommended for real projects.

Step 5: Enable Continuous Integration (CI) trigger

In the classic pipeline editor: 1. Open the Triggers tab. 2. Enable Continuous integration. 3. Set branch filters: – Include: main

Save the pipeline.

Expected outcome: A commit to main automatically triggers a new build.

Verification: – Make a small commit (e.g., update README) and push to main. – Confirm a new pipeline run starts automatically.

Step 6: Run the pipeline and review outputs

Queue a run manually the first time: – Pipelines → select your pipeline → Run pipeline / Queue
Watch the run: – Confirm each task succeeds – Open logs if a step fails

Expected outcomes: – Build succeeds – Test results are published – Artifact drop is available for download

Verification checklist: – Pipeline run summary shows: – Source commit – Duration and agent details – Tests tab or test summary (if configured) – Artifacts section with drop

Validation

Use this quick validation to confirm your CI is functioning end-to-end:

Break a test intentionally by changing expected value (e.g., expect 6 instead of 5).
Commit and push:

git add .
git commit -m "Introduce failing test"
git push

Confirm Azure Pipelines triggers automatically and the run fails at the test step.
Fix the test and push again; confirm the next run succeeds.

Expected outcome: You’ve proven CI triggers, test reporting, and build repeatability.

Troubleshooting

Common issues and realistic fixes:

No hosted agent available / pipeline stuck queued – Cause: No available parallel job capacity or billing not enabled. – Fix: Check parallel jobs and billing status in org settings; or use a self-hosted agent. – Reference: https://learn.microsoft.com/azure/devops/pipelines/licensing/concurrent-jobs?view=azure-devops
Repository checkout fails – Cause: pipeline identity lacks repo permissions, or branch name mismatch. – Fix: Verify repo permissions and the pipeline is targeting main.
.NET SDK not found – Cause: agent image doesn’t include your target SDK. – Fix: Add the “Use .NET” task to install the correct version or change agent image to one that supports it (verify hosted agent software lists).
Tests run but no test results appear – Cause: results not being published or wrong result format path. – Fix: Enable publish results in the test task or configure Publish Test Results task correctly.
Artifact is empty – Cause: copying wrong folder into $(Build.ArtifactStagingDirectory). – Fix: Inspect build output paths in logs, then adjust copy pattern.

Cleanup

To avoid ongoing usage: – Disable CI trigger in the pipeline if you don’t need it. – Delete the pipeline: – Pipelines → select pipeline → More options → Delete – Delete the project (most thorough cleanup): – Project settings → Overview → Delete (requires project admin rights)

If you created any self-hosted agents for experimentation: – Remove agent registration from Agent pools – Decommission the VM/host to stop compute charges

11. Best Practices

Architecture best practices

Prefer “build once, deploy many”: Build artifacts once in CI and promote the same artifact across environments.
Separate concerns: CI builds/tests; CD promotes and deploys.
Use self-hosted agents for private access: Don’t expose private endpoints just to use Microsoft-hosted agents.
Use environments for deployments: Model dev/test/prod and apply approvals/checks.

IAM/security best practices

Least privilege service connections: Scope Azure service principals to only necessary resource groups/subscriptions.
Restrict who can edit pipelines: Treat pipeline edits as code changes requiring review.
Protect production environments: Require approvals; limit approvers; enforce separation of duties.
Prefer modern authentication: Use the most secure supported method for Azure service connections (for example, workload identity federation if supported in your scenario—verify current docs).

Cost best practices

Reduce build time: faster pipelines cost less and deliver faster feedback.
Right-size parallelism: buy concurrency only when needed.
Use retention policies: keep fewer runs for non-release branches.
Avoid heavyweight hosted builds when self-hosted is cheaper at scale (but account for ops cost).

Performance best practices

Cache dependencies where supported (NuGet/npm/etc.).
Parallelize tests thoughtfully (test isolation matters).
Use incremental builds and avoid rebuilding unchanged components where possible.

Reliability best practices

Pin critical tool versions (SDK/runtime) to avoid unexpected changes.
Fail fast: run lint/unit tests early.
Make deployments idempotent: reruns should not corrupt environments.

Operations best practices

Standardize agent images for self-hosted pools and patch regularly.
Centralize logs and evidence for audits and incident analysis.
Use naming conventions for pipelines, agent pools, environments, and service connections.

Governance/tagging/naming best practices

Use consistent names like:
Pipelines: ci-<repo>, cd-<service>
Environments: dev, test, prod
Agent pools: selfhosted-vnet-prod, selfhosted-build
Document ownership and on-call rotation for pipeline failures.

12. Security Considerations

Identity and access model

Azure DevOps uses organization/project security groups and permissions.
Pipelines access external systems via service connections.
Developers’ ability to change pipelines can equate to the ability to change what runs on agents—treat pipeline modification as privileged.

Recommendation: Lock down: – Who can create/edit pipelines – Who can manage service connections – Who can approve deployments to production environments

Encryption

Azure DevOps Services encrypts data at rest and in transit (TLS). For compliance specifics, verify Microsoft’s official documentation and trust resources for Azure DevOps.

Network exposure

Microsoft-hosted agents run outside your network boundary.
Use self-hosted agents for:
private endpoints
on-prem deployments
strict egress controls
Ensure self-hosted agents have restricted outbound access (allow-list required endpoints).

Secrets handling

Preferred approaches: – Use secret variables and variable groups with locked permissions. – Integrate with Azure Key Vault for centralized secret lifecycle (common enterprise pattern—verify your organization’s approved approach). – Use secure files for certificates and protect access.

Avoid: – Hardcoding secrets in scripts – Printing secrets in logs – Storing credentials in repo files

Audit/logging

Use Azure DevOps auditing features (verify availability for your plan).
Retain pipeline logs/artifacts appropriately for compliance, but balance cost and privacy.
Review service connection usage and changes regularly.

Compliance considerations

Map pipeline controls to internal requirements:
approvals for production deployments
separation of duties
immutable artifact promotion
evidence retention
Verify Azure DevOps compliance attestations and regional data handling in Microsoft documentation.

Common security mistakes

Over-privileged Azure service connections (subscription Owner when Contributor is enough)
Allowing PRs from forks to run with secrets (risk depends on configuration—verify your PR security settings)
Running untrusted code on self-hosted agents with access to production networks
Sharing agent pools across high-trust and low-trust projects without isolation

Secure deployment recommendations

Isolate agent pools by trust boundary (e.g., prod deployments use a dedicated pool).
Use approvals and checks for production environments.
Use least privilege for service connections.
Keep build agents ephemeral where possible; reimage self-hosted agents regularly if feasible.

13. Limitations and Gotchas

Known limitations (common patterns)

Microsoft-hosted agents can’t reach private networks without exposing endpoints or using additional networking patterns; self-hosted agents are the typical solution.
Hosted agent environments are ephemeral: don’t rely on local state between runs.
Time limits and resource constraints exist for hosted jobs (timeouts, disk/CPU/memory constraints). Verify current limits in official docs.
Classic vs YAML differences: Some advanced reuse patterns (templates) and modern practices are primarily YAML-focused.
Marketplace extension risk: Extensions can be powerful but require governance and vetting.

Quotas and capacity

Parallel jobs and concurrency are limited by plan.
Organization-level limits may exist for artifacts/log retention. Verify in org settings and docs.

Regional constraints

Your Azure DevOps organization region and agent availability can affect performance and compliance. Verify your organization’s geo and agent pool options.

Pricing surprises

Adding parallel jobs for faster throughput can increase cost.
Self-hosted compute costs and ops time can exceed expectations if not standardized.
Excessive artifact retention increases storage usage.

Compatibility issues

Build scripts that assume specific tool versions may break when hosted agent images update.
Deployments can fail if service connections expire (cert rotation, secret expiry).

Operational gotchas

Self-hosted agents are effectively “production infrastructure”: they need monitoring, patching, and access control.
Pipeline permissions and service connections can become complex in large orgs—document ownership.

Migration challenges

Moving from classic to YAML requires redesign (tasks map, but triggers/templates differ).
Migrating from other CI tools (Jenkins/GitLab) often requires revisiting credential handling, artifact management, and environment promotion strategy.

14. Comparison with Alternatives

Azure Pipelines is one of several mature CI/CD options. The best choice depends on where your code lives, governance needs, and operational preferences.

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
Azure Pipelines (Azure DevOps)	Teams using Azure DevOps or needing enterprise CI/CD with Azure integration	Strong Azure DevOps suite integration, flexible agents, multi-stage pipelines, approvals/checks	Requires Azure DevOps org governance; hosted capacity/licensing considerations	You want integrated Boards/Repos/Artifacts + pipelines, or need self-hosted agents for private deployments
GitHub Actions	GitHub-native CI/CD	Tight GitHub integration, huge marketplace, good developer experience	Governance and enterprise controls differ; complex cross-repo enterprise patterns can vary	Your code is in GitHub and you want workflow-as-code close to the repo
Jenkins (self-managed)	Maximum customization and self-hosting	Very flexible, massive plugin ecosystem	High ops overhead, plugin supply-chain risk, harder governance	You need full control and accept running/maintaining CI infrastructure
GitLab CI/CD	GitLab-centric orgs	Integrated SCM + CI + security features (plan dependent)	Less aligned if you’re standardized on Azure DevOps	Your org uses GitLab and wants an integrated DevSecOps platform
AWS CodePipeline/CodeBuild	AWS-centric deployments	Native AWS integration, IAM alignment	Less integrated for Azure-first environments	Most workloads deploy to AWS and you want AWS-native pipelines
Google Cloud Build	GCP-centric deployments	Native GCP integration, container-first workflows	Less integrated for Azure-first environments	Workloads primarily deploy to GCP

Nearest “same cloud” alternatives: – GitHub Actions (Microsoft-owned, but a separate product from Azure DevOps) – Azure DevOps also includes additional tooling (Repos/Boards/Artifacts/Test Plans); Azure Pipelines is the CI/CD component.

15. Real-World Example

Enterprise example (regulated industry)

Problem: A financial services company needs auditable releases with separation of duties, controlled production deployments, and traceability from change request to deployment.

Proposed architecture: – Azure Repos for source control with branch policies (required reviewers, build validation) – Azure Pipelines multi-stage pipeline: – CI: build + tests + security scanning tool integration (tool-specific) – Publish immutable artifact – CD: deploy to dev/test/prod environments – Dedicated self-hosted agent pools for deployments into private networks – Environments with approvals and checks for production – Azure Key Vault for secrets – Centralized logging of deployment evidence (pipeline logs + artifacts retention)

Why Azure Pipelines was chosen: – Integrates with Azure DevOps governance and work tracking – Supports self-hosted agents for private network deployments – Approvals/checks provide operational controls and auditability

Expected outcomes: – Reduced production incidents due to consistent releases – Faster audits due to centralized evidence – Clear ownership and controlled access to production deployments

Startup/small-team example

Problem: A startup needs fast CI feedback for a .NET API and wants to publish build artifacts for releases with minimal overhead.

Proposed architecture: – Azure Repos (or GitHub) with a single CI pipeline – Microsoft-hosted agent for simple builds – Automated unit tests on each commit and PR – Publish build artifact for release packaging – Optional manual deployment step for early-stage environments

Why Azure Pipelines was chosen: – Quick setup inside Azure DevOps – Minimal infrastructure to manage – Easy scaling later by adding parallel jobs or self-hosted agents

Expected outcomes: – Faster iteration with fewer broken builds – Reproducible build outputs for releases – A clear path to add deployment stages later

16. FAQ

1) Is Azure Pipelines only for Azure deployments?
No. Azure Pipelines can build and deploy to many targets (including on-prem and other clouds) depending on connectivity and credentials. Azure targets are common because of built-in integrations.

2) Do I need Azure DevOps to use Azure Pipelines?
Azure Pipelines is part of Azure DevOps. In practice, you use an Azure DevOps organization/project to run pipelines.

3) Should I use YAML pipelines or classic pipelines?
For most modern teams, YAML is recommended because it’s versioned and reviewable. Classic pipelines can still be useful for quick starts or legacy workflows. Verify Microsoft’s latest guidance in official docs.

4) What’s the difference between Microsoft-hosted and self-hosted agents?
Microsoft-hosted agents are managed by Microsoft and are ephemeral. Self-hosted agents run on your infrastructure, giving you private network access and custom tooling, but you manage patching and scaling.

5) Can Azure Pipelines access resources in a private Azure VNet?
Yes, typically by using a self-hosted agent running in that VNet (or connected network). Microsoft-hosted agents generally can’t directly access private endpoints.

6) How do I store secrets safely for pipelines?
Use secret variables/variable groups and restrict access. For stronger lifecycle and central management, integrate with Azure Key Vault (verify the recommended approach and tasks in current docs).

7) Can pull requests from forks run pipelines securely?
This is sensitive: running untrusted code with access to secrets can be dangerous. Use PR security settings and avoid exposing secrets to untrusted contributions. Verify your org’s PR pipeline security configuration.

8) How do approvals work for production deployments?
Approvals are typically configured on environments/stages so specific users/groups must approve before deployment proceeds. Exact behavior depends on pipeline type and environment configuration.

9) How do I speed up my pipelines?
Parallelize tests, cache dependencies, reduce artifact size, and avoid unnecessary steps. Also consider increasing parallel job capacity if queue time is the bottleneck.

10) What causes “No hosted parallelism has been purchased or granted”?
Your organization may not have free hosted capacity available or billing may not be enabled. Check parallel job settings and licensing.

11) Can I run pipelines on macOS?
Yes, typically via Microsoft-hosted macOS agents (availability and limits apply) or self-hosted macOS agents if supported by your setup. Verify current hosted images and availability.

12) How do I deploy to Kubernetes (AKS)?
Commonly via kubectl/Helm tasks using a Kubernetes service connection or by running scripts on an agent that has network access and credentials. Verify best practices for credential handling.

13) How do I manage multiple microservices with Azure Pipelines?
Use separate pipelines per service or a monorepo strategy with path-based triggers/conditions (often YAML-based). Standardize with templates where possible.

14) What’s the best way to handle environment-specific configuration?
Use variable groups, environment-scoped variables, and secret stores (Key Vault) rather than hardcoding values.

15) Can Azure Pipelines run infrastructure deployments (IaC)?
Yes. You can run Azure CLI/PowerShell/Terraform/Bicep workflows. Treat IaC like application code: validate on PRs, deploy with approvals.

16) Does Azure Pipelines support audit and compliance needs?
Azure DevOps provides logs, run history, approvals, and auditing features. The exact compliance posture depends on your configuration and Microsoft’s attestations—verify for your requirements.

17. Top Online Resources to Learn Azure Pipelines

Resource Type	Name	Why It Is Useful
Official documentation	Azure Pipelines docs (Learn) — https://learn.microsoft.com/azure/devops/pipelines/?view=azure-devops	The primary, most up-to-date reference for concepts, tasks, agents, and pipeline types
Official getting started	Create your first pipeline (Azure DevOps) — https://learn.microsoft.com/azure/devops/pipelines/create-first-pipeline?view=azure-devops	Step-by-step onboarding flow (often YAML-first)
Official concepts	Agents and agent pools — https://learn.microsoft.com/azure/devops/pipelines/agents/agents?view=azure-devops	Core execution model; required reading for scaling and security
Official hosted agents	Microsoft-hosted agents — https://learn.microsoft.com/azure/devops/pipelines/agents/hosted?view=azure-devops	Images, capabilities, and constraints for hosted builds
Official pricing	Azure DevOps Services Pricing — https://azure.microsoft.com/pricing/details/devops/azure-devops-services/	Authoritative pricing model reference
Official licensing	Parallel jobs/concurrency — https://learn.microsoft.com/azure/devops/pipelines/licensing/concurrent-jobs?view=azure-devops	Explains how concurrency works and what you must buy/enable
Official security	Azure DevOps security documentation — https://learn.microsoft.com/azure/devops/organizations/security/?view=azure-devops	Permissions, policies, and governance fundamentals
Official auth	Personal Access Tokens (PATs) — https://learn.microsoft.com/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate	Practical authentication guidance for Git and API usage
Architecture guidance	Azure Architecture Center — https://learn.microsoft.com/azure/architecture/	Broader Azure architecture patterns relevant to CI/CD and deployments
Video learning	Azure DevOps YouTube (official Microsoft channels; verify latest playlists) — https://www.youtube.com/@MicrosoftDeveloper	Useful demos and product updates; always cross-check with docs
Samples	Azure DevOps samples on GitHub (Microsoft org; verify relevance) — https://github.com/microsoft/azure-pipelines-tasks	Shows how tasks work; helpful for deeper customization
Community learning	Microsoft Q&A for Azure DevOps — https://learn.microsoft.com/answers/topics/azure-devops.html	Troubleshooting patterns and validated answers (still verify)

18. Training and Certification Providers

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	Beginners to enterprise DevOps teams	Azure DevOps, CI/CD, pipelines, DevOps practices	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Students and working professionals	SCM + DevOps fundamentals, CI/CD workflows	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud engineers, SREs, ops teams	Cloud operations + DevOps automation	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs and platform teams	Reliability engineering, automation, incident readiness	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops teams exploring AIOps	Observability, automation, AIOps concepts	Check website	https://www.aiopsschool.com/

19. Top Trainers

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	DevOps coaching/training resources (verify offerings)	Beginners to intermediate DevOps learners	https://rajeshkumar.xyz/
devopstrainer.in	DevOps training programs (verify syllabus)	Individuals and corporate teams	https://www.devopstrainer.in/
devopsfreelancer.com	DevOps freelance/training services (verify scope)	Teams needing targeted help	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and guidance resources (verify services)	Ops teams and engineers	https://www.devopssupport.in/

20. Top Consulting Companies

Company	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	DevOps/Cloud consulting (verify exact portfolio)	CI/CD design, cloud architecture, implementation support	Pipeline standardization, migration planning, agent strategy	https://cotocus.com/
DevOpsSchool.com	DevOps consulting and enablement (verify offerings)	Platform enablement, training + implementation	Azure DevOps rollout, governance model, pipeline best practices	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting (verify services)	CI/CD implementation and operations alignment	Delivery process automation, pipeline troubleshooting, best-practice rollout	https://www.devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Azure Pipelines

Git fundamentals (branches, PRs, merge strategies)
Basic build tooling for your stack (.NET/Node/Java/Python)
Basic Azure fundamentals (resource groups, identity, subscriptions) if you will deploy to Azure
Security basics: least privilege, secret handling, secure SDLC concepts

What to learn after Azure Pipelines

Multi-stage pipelines and environment promotion strategies
Artifact management and package feeds (Azure Artifacts)
Infrastructure as Code and deployment patterns (ARM/Bicep/Terraform—depending on your org)
Observability and release health: monitoring, alerting, SLOs
Supply chain security: signed artifacts, dependency scanning, provenance (tooling-dependent)

Job roles that use Azure Pipelines

DevOps Engineer / Platform Engineer
Cloud Engineer
SRE (especially where deployments and reliability controls are automated)
Build/Release Engineer
Software Engineer (owning service CI/CD)

Certification path (practical guidance)

Azure Pipelines is commonly used in DevOps roles aligned with Microsoft certifications (for example, DevOps Engineer Expert). Certification names and requirements change; verify the latest Microsoft certification roadmap: https://learn.microsoft.com/credentials/

Project ideas for practice

Create CI for a .NET/Node app with unit tests and code coverage publishing.
Add PR validation with branch policies and required reviewers.
Add a deployment stage to a dev environment with approvals for prod.
Implement a self-hosted agent in an Azure VNet and deploy to a private endpoint service.
Standardize pipelines across 3 repos with shared templates (YAML-based; follow official docs).

22. Glossary

Agent: A compute worker that runs pipeline jobs (Microsoft-hosted or self-hosted).
Agent pool: A logical group of agents that pipelines can target.
Artifact: A build output stored for later download or deployment.
Azure DevOps organization: Top-level container for projects, users, and governance.
Build (CI): Automated process to compile, test, and package code on changes.
CD (delivery/deployment): Automated process to deploy artifacts to environments.
Classic pipeline: UI-configured pipeline (as opposed to YAML-as-code).
Environment: A logical target (dev/test/prod) used to manage deployments and approvals/checks.
Job: A set of steps executed by an agent.
Parallel job: Licensed capacity to run pipeline jobs concurrently.
Pipeline run: One execution instance of a pipeline definition.
PR validation: Running CI checks automatically when a pull request is created/updated.
Service connection: Stored authentication configuration that allows pipelines to access external services securely.
Stage: A major phase in a pipeline (build/test/deploy), often tied to environments.
Task: A packaged unit of work in a pipeline (e.g., run tests, publish artifacts).
Variable group: A shared set of variables (including secrets) used across pipelines.

23. Summary

Azure Pipelines is Azure DevOps’ CI/CD service in the Azure Developer Tools ecosystem. It automates builds, tests, artifact publishing, and deployments using Microsoft-hosted or self-hosted agents, integrating tightly with Azure services and enterprise governance needs.

It matters because it standardizes delivery: every change can be validated, packaged, and promoted with approvals and traceable evidence. Cost is primarily driven by parallel job capacity, pipeline runtime, and (for self-hosted agents) the compute and operations overhead you manage. Security hinges on least-privilege service connections, protected environments, safe secret management, and strong governance over who can change pipeline definitions.

Use Azure Pipelines when you want a robust CI/CD platform integrated with Azure DevOps and need flexible agent placement (including private networks). Next step: learn multi-stage pipelines, environments/approvals, and service connections in the official documentation: https://learn.microsoft.com/azure/devops/pipelines/?view=azure-devops

Category