Implement Security through a Pipeline using Azure DevOps (AZ-2001)

This learning path helps you prepare for the Implement security through a pipeline assessment using Azure DevOps. Learn how to configure and secure Azure Pipelines. You’ll also get opportunities to practice hands-on skills. These skills include configuring secure access to pipeline resources, configuring and validating permissions, configuring a project and repository structure, extending a pipeline, configuring pipelines to use variables and parameters securely, and managing identity for projects, pipelines, and agents.

About the course


 Skills Covered 

  • Separate a project into team projects and repositories. 
  • Separate secure files between projects. 
  • Move the security repository away from a project. 
  • Assign project and repository permissions. 
  • Organize a project and repository structure. 
  • Identify and mitigate common security threats. 
  • Configure pipeline access to specific agent pools. 
  • Manage secret variables and variable groups. 
  • Secure files and storage. 
  • Configure service connections. 
  • Manage environments. 
  • Secure repositories. 
  • Configure a Microsoft-hosted pool. 
  • Configure agents for projects. 
  • Configure agent identities. 
  • Configure the scope of a service connection. 
  • Convert to a managed identity in Azure DevOps. 
  • Configure and validate user permissions. 
  • Configure and validate pipeline permissions. 
  • Configure and validate approval and branch checks. 
  • Manage and audit permissions in Azure DevOps. 
  • Create nested templates. 
  • Rewrite the main deployment pipeline. 
  • Configure the pipeline and the application to use tokenization. 
  • Remove plain text secrets. 
  • Restrict agent logging. 
  • Identify and conditionally remove script tasks in Azure DevOps. 
  • Configure pipeline access to packages. 
  • Configure credential secrets, and secrets for services. 
  • Ensure that the secrets are in the Azure Key Vault. 
  • Ensure that secrets aren't in the logs. 
  • Ensure that parameters and variables retain their type. 
  • Identify and restrict insecure use of parameters and variables. 
  • Move parameters into a YAML file that protects their type. 
  • Limit variables that can be set at queue time. 
  • Validate that mandatory variables are present and set correctly in Azure DevOps. 

Prerequisites:

  • Basic knowledge of Azure DevOps.
  • Basic knowledge of security concepts like identities and permissions.
  • Experience using the Azure portal to create resources like Azure Key Vault and set permissions.

Course content

Configure a project and repository structure to support secure pipelines

  • Organize project and repository structure
  • Configure secure projects and repositories

Manage identity for projects, pipelines, and agents

  • Configure a Microsoft-hosted pool
  • Configure agents for projects
  • Configure agent identities
  • Configure the scope of a service connection
  • Understand and convert to a Managed Identity

Configure secure access to pipeline resources

  • Configure agent pools
  • Use secret variables and variable groups
  • Understand secure files
  • Configure service connections
  • Manage environments
  • Secure repositories

Configure and validate permissions

  • Configure and validate user permissions
  • Configure and validate pipeline permissions
  • Configure and validate approval and branch checks
  • Manage and audit permissions

Extend a pipeline to use multiple templates

  • Create a nested template
  • Rewrite the main deployment pipeline
  • Configure the pipeline and the application to use tokenization
  • Remove plain text secrets
  • Restrict agent logging
  • Identify and conditionally remove script tasks

Configure secure access to Azure Repos from pipelines

  • Configure pipeline access to packages
  • Configure pipeline access to credential secrets
  • Configure pipeline access to secrets for services
  • Use Azure Key Vault to secure secrets
  • Explore and secure log files

Configure pipelines to securely use variables and parameters

  • Ensure parameter and variable types
  • Identify and restrict insecure use of parameters and variables
  • Move parameters into a YAML file
  • Limit queue time variables
  • Validate mandatory variables

Who Should Attend