Pipelines on Darren Mair https://dmtechops.com/tags/pipelines/ Recent content in Pipelines on Darren Mair Hugo -- gohugo.io en-us darren@example.com (Darren Mair) darren@example.com (Darren Mair) Tue, 05 May 2026 00:00:00 +0000 Azure DevOps Best Practices - End-to-End Guide https://dmtechops.com/p/azure-devops-best-practices-guide/ Tue, 05 May 2026 00:00:00 +0000darren@example.com (Darren Mair) https://dmtechops.com/p/azure-devops-best-practices-guide/ <img src="https://dmtechops.com/p/azure-devops-best-practices-guide/azure-devops-guide-banner.svg" alt="Featured image of post Azure DevOps Best Practices - End-to-End Guide" /><p>This guide is designed as an implementation playbook, not a theory article.</p> <p>It combines:</p> <ul> <li>Delivery operating model practices</li> <li>Azure Boards structure and governance</li> <li>Git branching and pull request controls</li> <li>CI/CD architecture in Azure Pipelines</li> <li>Secure-by-design controls and permissions</li> <li>Implementation-ready scripts and templates</li> </ul> <h2 id="who-this-is-for">Who This Is For </h2><ul> <li>Engineering managers and platform leads</li> <li>DevOps engineers and SRE teams</li> <li>Security and compliance teams partnering with delivery</li> <li>Team leads setting standards across multiple repos/projects</li> </ul> <h2 id="how-to-use-this-guide">How To Use This Guide </h2><ol> <li>Read the operating model and target-state first.</li> <li>Implement Boards + Repos controls together.</li> <li>Add pipeline templates and environment checks.</li> <li>Roll out secure-by-design controls in phases.</li> <li>Use the scripts and templates section as your starter kit.</li> </ol> <h2 id="expanded-table-of-contents">Expanded Table of Contents </h2><ol> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/" >Operating Model and Target State</a> <ul> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#why-start-here" >Why Start Here</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#recommended-team-topology" >Recommended Team Topology</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#platform-principles" >Platform Principles</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#target-state-blueprint" >Target State Blueprint</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#raci-example" >RACI (Example)</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#non-negotiable-baseline" >Non-Negotiable Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#key-metrics" >Key Metrics</a></li> <li><a class="link" href="https://dmtechops.com/p/1-operating-model-and-target-state/#anti-patterns-to-avoid" >Anti-Patterns to Avoid</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/" >Azure Boards Best Practices</a> <ul> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#objectives-for-boards" >Objectives for Boards</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#process-and-work-item-design" >Process and Work Item Design</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#team-and-area-path-strategy" >Team and Area Path Strategy</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#iteration-cadence" >Iteration Cadence</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#boards-security-baseline" >Boards Security Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#access-model-example" >Access Model Example</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#board-workflow-hygiene" >Board Workflow Hygiene</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#queries-and-dashboards" >Queries and Dashboards</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#traceability-controls" >Traceability Controls</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#boards-implementation-checklist" >Boards Implementation Checklist</a></li> <li><a class="link" href="https://dmtechops.com/p/2-azure-boards-best-practices/#common-failure-modes" >Common Failure Modes</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/" >Repos, Branching, and PR Strategy</a> <ul> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#branching-strategy-choices" >Branching Strategy Choices</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#branch-naming-convention" >Branch Naming Convention</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#protected-branch-baseline" >Protected Branch Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#pull-request-standard" >Pull Request Standard</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#codeowners-and-review-coverage" >CODEOWNERS and Review Coverage</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#repository-permissions-baseline" >Repository Permissions Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#merge-strategy-guidance" >Merge Strategy Guidance</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#example-policy-matrix" >Example Policy Matrix</a></li> <li><a class="link" href="https://dmtechops.com/p/3-repos-branching-and-code-governance/#anti-patterns" >Anti-Patterns</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/" >Pipelines, Environments, and Approval Gates</a> <ul> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#pipeline-architecture-principles" >Pipeline Architecture Principles</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#reference-stage-model" >Reference Stage Model</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#environment-strategy" >Environment Strategy</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#approval-and-check-baseline" >Approval and Check Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#approval-design-patterns" >Approval Design Patterns</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#use-exclusive-locks-carefully" >Use Exclusive Locks Carefully</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#pipeline-hardening-checklist" >Pipeline Hardening Checklist</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#minimal-deployment-job-example" >Minimal Deployment Job Example</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#template-extension-pattern" >Template Extension Pattern</a></li> <li><a class="link" href="https://dmtechops.com/p/4-pipelines-environments-and-approval-gates/#common-cicd-anti-patterns" >Common CI/CD Anti-Patterns</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/" >Secure by Design: Permissions, Secrets, and Scanning</a> <ul> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#security-model-summary" >Security Model Summary</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#identity-and-authentication" >Identity and Authentication</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#authorization-and-permissions" >Authorization and Permissions</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#service-connection-security" >Service Connection Security</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#secrets-and-variables" >Secrets and Variables</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#secure-pipeline-input-handling" >Secure Pipeline Input Handling</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#code-dependency-and-secret-scanning" >Code, Dependency, and Secret Scanning</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#agent-and-infrastructure-security" >Agent and Infrastructure Security</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#bypass-and-break-glass-governance" >Bypass and Break-Glass Governance</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#security-operations-metrics" >Security Operations Metrics</a></li> <li><a class="link" href="https://dmtechops.com/p/5-secure-by-design-permissions-secrets-and-scanning/#quick-security-checklist" >Quick Security Checklist</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/" >Implementation Scripts and Templates</a> <ul> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#prerequisites" >Prerequisites</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#script-create-core-branch-policies-powershell--azure-cli" >Script: Create Core Branch Policies (PowerShell + Azure CLI)</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#script-policy-as-code-via-configuration-file" >Script: Policy-As-Code via Configuration File</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#template-secure-pipeline-entry-extends" >Template: Secure Pipeline Entry (<code>extends</code>)</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#template-codeql-scanning-starter" >Template: CodeQL Scanning Starter</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#template-dependency-scanning-starter" >Template: Dependency Scanning Starter</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#example-deployment-with-environment-gate" >Example: Deployment with Environment Gate</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#script-find-repositories-missing-branch-policy-baseline" >Script: Find Repositories Missing Branch Policy Baseline</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#script-enumerate-projects-and-group-membership-audit-starter" >Script: Enumerate Projects and Group Membership (Audit Starter)</a></li> <li><a class="link" href="https://dmtechops.com/p/6-implementation-scripts-and-templates/#implementation-notes" >Implementation Notes</a></li> </ul> </li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/" >Rollout Plan and Maturity Model</a> <ul> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#rollout-strategy" >Rollout Strategy</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#maturity-model" >Maturity Model</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#kpi-targets-example" >KPI Targets (Example)</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#change-management-and-adoption" >Change Management and Adoption</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#exception-management-model" >Exception Management Model</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#audit-evidence-pack-recommended" >Audit Evidence Pack (Recommended)</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#90-day-action-plan" >90-Day Action Plan</a></li> <li><a class="link" href="https://dmtechops.com/p/7-rollout-plan-and-maturity-model/#final-guidance" >Final Guidance</a></li> </ul> </li> </ol> <h2 id="reference-sources">Reference Sources </h2><p>This playbook is aligned with current Microsoft documentation, including:</p> <ul> <li>Azure Boards security model and permissions</li> <li>Azure Repos branch policies and branching guidance</li> <li>Azure Pipelines security guidance, templates, environments, approvals/checks</li> <li>Authentication/authorization and security groups guidance</li> <li>GitHub Advanced Security for Azure DevOps (secret, dependency, code scanning)</li> </ul> <p>Where this guide makes choices (for example, branching model or gate strictness), those choices are opinionated implementation recommendations intended to be practical in enterprise teams.</p>