Vivek Kaushik

1. Azure DevOps Overview and DevOps Lifecycle

Azure DevOps is a suite of services from Microsoft that provides an end-to-end DevOps platform covering planning, development, delivery, and operations. It helps teams reliably deliver software faster with collaboration, automation, and governance.

DevOps Lifecycle Phases:

Plan: Track work with Azure Boards including Kanban boards, backlogs, sprint planning.

Develop: Manage source code with Azure Repos (Git or TFVC).

Build: Automate builds and run tests with Azure Pipelines (CI).

Release: Deploy applications automatically through multi-stage release pipelines (CD).

Operate: Monitor and manage deployed apps (integrations available).

Feedback: Collect user feedback to improve apps and processes.

2. Core Services of Azure DevOps

Service	Description
Azure Repos	Provides unlimited private Git repos or Team Foundation Version Control (TFVC). Allows branch policies, pull requests, code reviews, and auditing.
Azure Pipelines	CI/CD automation to build, test, and deploy code across multiple platforms and clouds using pipelines based on YAML or classic editor. Supports containers, Kubernetes, cloud services, VMs, and more.
Azure Boards	Agile planning and work tracking using work items, backlogs, sprints, customizable dashboards, and reporting.
Azure Artifacts	Package management for Maven, npm, NuGet, and Python packages with integrated feeds and universal artifact storage.
Azure Test Plans (not requested but part of suite)	Manual and exploratory testing support integrated into pipelines.

3. DevOps Pipeline Types: YAML vs Classic Pipelines

YAML Pipelines (Pipeline as Code)

Define pipeline configuration as code in a YAML file stored alongside your codebase.

Supports versioning and branching with the source code.

Enables multi-stage pipelines (build + deploy) in a single file.

Easily extensible, reusable templates, and parameterized inputs.

Preferred for infrastructure as code, automation, modern DevOps processes.

Sample YAML multi-stage pipeline snippet:


trigger:
- main

stages:
- stage: Build
  jobs:
  - job: BuildJob
    pool:
      vmImage: 'ubuntu-latest'
    steps:
    - task: DotNetCoreCLI@2
      inputs:
        command: 'build'
        projects: '**/*.csproj'

- stage: Deploy
  dependsOn: Build
  jobs:
  - deployment: DeployWeb
    environment: 'Production'
    pool:
      vmImage: 'ubuntu-latest'
    strategy:
      runOnce:
        deploy:
          steps:
          - task: AzureWebApp@1
            inputs:
              azureSubscription: 'MyAzureSubscription'
              appName: 'mywebapp'
              package: '$(Build.ArtifactStagingDirectory)/**/*.zip'

Classic Pipelines (UI Editor)

Visual drag-and-drop editor.

Separate build and release pipelines.

Easier for beginners or quick pipelines.

Less portable or version controlled compared to YAML.

4. Continuous Integration (CI) and Continuous Deployment (CD)

Continuous Integration (CI): Automate building and testing of code on changes pushed to repositories. Ensures code quality by running unit, integration tests, and produces build artifacts.

Continuous Deployment (CD): Automate delivery of tested artifacts to target environments (Dev, QA, Prod) using release pipelines or multi-stage YAML pipelines. Supports approvals, gates, and environment strategies (canary, blue/green).

5. Infrastructure as Code (IaC)

Azure DevOps supports managing infrastructure declaratively using IaC tools:

Azure Resource Manager (ARM) templates

Terraform

Ansible, Chef, Puppet (via pipelines)

Bicep

Integrate IaC in CI/CD pipelines for consistent, repeatable environment provisioning.

6. Integrations: External Resources, Service Connections, Secrets Management

Service Connections: Define and manage connections to external services and clouds (Azure, AWS, GitHub, Docker Hub, Kubernetes clusters), enabling pipelines to authenticate securely.

Secrets Management: Use Azure Key Vault linked in pipelines to retrieve secrets securely at runtime.

Variable Groups: Manage shared variables and secrets with tight access controls.

Supports OAuth, PATs (Personal Access Tokens), and managed identities.

7. Building a Multi-stage YAML Pipeline: Example and Explanation

A multi-stage pipeline automates build, test, and deploy in a single YAML file:


trigger:
- main

variables:
  buildConfiguration: 'Release'

stages:
- stage: Build
  displayName: 'Build Stage'
  jobs:
  - job: Build
    pool:
      vmImage: ubuntu-latest
    steps:
    - script: dotnet build --configuration $(buildConfiguration)
      displayName: 'Build solution'

- stage: Test
  displayName: 'Test Stage'
  dependsOn: Build
  jobs:
  - job: Test
    pool:
      vmImage: ubuntu-latest
    steps:
    - script: dotnet test --configuration $(buildConfiguration) --no-build
      displayName: 'Run tests'

- stage: Deploy
  displayName: 'Deploy Stage'
  dependsOn: Test
  condition: succeeded()
  jobs:
  - deployment: DeployWeb
    environment: 'production'
    pool:
      vmImage: ubuntu-latest
    strategy:
      runOnce:
        deploy:
          steps:
          - script: echo "Deploying to production"

This pipeline triggers on main branch commits and runs build, test, then deploy stages in sequence.

8. Difference Between Azure Repos and GitHub Integration in Azure Pipelines

Aspect	Azure Repos	GitHub Integration
Repository Hosting	Hosted inside Azure DevOps Projects	External GitHub repositories
Access Control	Managed via Azure AD and Azure DevOps users	Managed via GitHub permissions and OAuth
Pipeline Triggers	Automatically integrates with Azure Pipelines	Requires GitHub app installation or PAT for triggers
Branch Policies	Supports branch policies, pull request reviews within Azure DevOps	Use GitHub protected branches and workflows
Pull Requests	Fully integrated with Azure Boards work items and policies	GitHub PRs integrated but separate workflows
Pricing	Included in Azure DevOps service plans	Public repos free, private repos may require GitHub plan

9. Managing Secrets in Azure DevOps Pipelines

Use Azure Key Vault integration: Link Azure Key Vault as a service connection and fetch secrets as pipeline variables at runtime.

Use Pipeline Variable Groups with secrets marked as secret; encrypted and masked in logs.

Store secrets as pipeline variables and mark them secret (not visible in logs).

Avoid storing sensitive data in source code or plain variables.

Use Managed Identities for Azure resources to authenticate without secrets.

10. Summary: Azure DevOps Key Concepts

Concept	Description
Azure Repos	Source control with Git or TFVC, collaborative code management
Azure Pipelines	Build and release automation with YAML or visual pipelines
Azure Boards	Agile planning and project management tools
Azure Artifacts	Package sharing and management
Multi-stage Pipelines	Define complete CI/CD workflows in code with stages
Service Connections	Securely connect pipelines to external services
Secrets Management	Secure handling of sensitive info via Key Vault and pipeline variables

FAQ

Q1: What is Azure DevOps?

A: Azure DevOps is a comprehensive platform from Microsoft that provides end-to-end DevOps services—covering planning, developing, building, testing, deploying, and monitoring applications. It enables collaborative software development and delivery through integrated tools like Azure Repos (version control), Azure Pipelines (CI/CD), Azure Boards (work tracking), Azure Artifacts (package management), and Azure Test Plans.

Q2: What are the key components/services of Azure DevOps?

Azure Repos: Source code management using Git or Team Foundation Version Control (TFVC).

Azure Pipelines: Build, test, and deploy automation via pipelines using YAML or classic editors.

Azure Boards: Work item tracking, agile planning, sprint management.

Azure Artifacts: Package hosting/managing for npm, NuGet, Maven, etc.

Azure Test Plans: Manual and exploratory testing.

Q3: Explain the difference between YAML and Classic pipelines in Azure DevOps.

YAML Pipelines: Pipeline as code, stored with the source code, easily versioned and reviewed. Supports multi-stage pipelines in one file, best suited for automation and infrastructure-as-code.

Classic Pipelines: Visual editor drag-and-drop UI, separate build and release pipelines. More user-friendly for beginners but less flexible and harder to version control.

Q4: How do you create a multi-stage YAML pipeline?

A: Multi-stage pipelines define separate stages such as build, test, and deploy within a single YAML file, with dependencies specifying sequential or parallel execution. Here’s a concise example:


trigger:
- main

stages:
- stage: Build
  jobs:
  - job: BuildJob
    pool:
      vmImage: ubuntu-latest
    steps:
    - script: dotnet build --configuration Release

- stage: Test
  dependsOn: Build
  jobs:
  - job: TestJob
    pool:
      vmImage: ubuntu-latest
    steps:
    - script: dotnet test --no-build

- stage: Deploy
  dependsOn: Test
  jobs:
  - deployment: DeployJob
    environment: 'Production'
    pool:
      vmImage: ubuntu-latest
    strategy:
      runOnce:
        deploy:
          steps:
          - script: echo "Deploying to production"

Q5: What are service connections and how do you configure them?

A: Service connections securely store credentials and endpoints needed by pipelines to interact with external services like Azure subscriptions, Docker registries, or GitHub. To configure, you create a service connection from the Azure DevOps project settings, choose the service type, and authenticate (using OAuth, service principal, or managed identities).

Q6: How do you manage secrets in Azure DevOps pipelines?

Use Azure Key Vault integration by linking Key Vault as a service connection and fetching secrets securely at pipeline runtime.

Define Variable Groups with secret variables marked encrypted and masked in logs.

Use pipeline variables set as secret to avoid exposing sensitive info in logs.

Never store secrets in source code or plain text variables.

Intermediate and Scenario-Oriented Questions

Q7: How do you handle multiple environments (Dev, Staging, Production) in Azure DevOps?

A: Use deployment environments with approvals and gates in multi-stage pipelines. Separate branches or variable groups manage environment-specific configurations. Infrastructure as Code templates help provision consistent environments. Promote validated artifacts through environments in release pipelines with manual or automatic approvals.

Q8: What is the difference between Azure Repos and GitHub integration in Azure Pipelines?

Azure Repos: Native Git repositories hosted inside Azure DevOps, with tight integration with Boards, Pipelines, and Azure AD-based access control.

GitHub Integration: External GitHub repositories can trigger Azure Pipelines, requiring OAuth apps or PATs for authentication. GitHub manages PR and branch policies. Both can trigger pipelines, but Azure Repos offers deeper integration within the Azure DevOps ecosystem.

Q9: How is containerization supported in Azure DevOps?

A: Azure Pipelines support building and pushing Docker images using Docker tasks or CLI commands. Images can be published to Azure Container Registry or Docker Hub. Pipelines can deploy containers to Kubernetes clusters or Azure App Service for Containers. Integration supports multi-stage builds and container testing.

Q10: What are variable groups and how do they help in pipeline management?

A: Variable groups store sets of variables and secrets that can be shared across multiple pipelines to maintain consistency. They help centralize configuration management, support secret masking, and enable runtime overrides.

Q11: How do you implement continuous deployment (CD) with Azure Pipelines?

A: Define release or multi-stage pipelines that consume build artifacts, apply deployment tasks (e.g., ARM deployments, Kubernetes manifests), and automate promotion through environments. Include approvals, gates, and rollback policies to ensure safe deployments.

Advanced & Tricky Interview Questions

Q12: How do you optimize pipeline performance and reduce build times in Azure DevOps?

Use caching for dependencies/tools to avoid repeated downloads.

Parallelize jobs and steps where possible.

Limit scope of triggered builds (CI triggers for specific paths).

Use self-hosted agents for faster build speeds or customized environments.

Avoid unnecessary tasks or stages.

Q13: Explain how you would secure the DevOps pipeline and protect sensitive data.

A: Secure pipelines by managing secrets through Azure Key Vault or variables marked as secret, restrict pipeline permissions with role-based access, use least privilege service connections, enforce branch policies and PR reviews, audit pipeline executions, and enable multi-factor authentication (MFA) for DevOps users.

Q14: How can you rollback a deployment in Azure DevOps?

A: Implement rollback by:

Using deployment slots (e.g., in App Service) for quick swap back.

Automating rollback steps in the pipeline with rollback scripts or infrastructure redeployment.

Keeping previous working build artifacts for redeployment.

Using approvals and manual interventions to halt faulty deployments early.

Q15: How do you manage Infrastructure as Code (IaC) with Azure DevOps pipelines?

A: Integrate IaC tools like ARM templates, Bicep, Terraform into CI/CD pipelines. Automate environment provisioning and updates as part of releases. Use linting, validation, and testing stages for IaC code. Manage secrets and variables securely. Maintain versioning alongside application code.

Q16: What troubleshooting steps would you follow if a pipeline is failing unexpectedly?

Check pipeline logs for error messages and failed steps.

Verify service connections and permissions.

Check for changed dependencies or upstream build artifacts.

Confirm agent availability and health.

Validate pipeline YAML syntax and variables.

Test pipeline steps separately in local or simplified runs.

Look at environment or quota limitations.