AZ-2001T00 Implement security through a pipeline using Azure DevOps

Configure a project and repository structure to support secure pipelines

• Organize project and repository structure
• Configure secure projects and repositories

Manage identity for projects, pipelines, and agents

• Configure a Microsoft-hosted pool
• Configure agents for projects
• Configure agent identities
• Configure the scope of a service connection
• Understand and convert to a Managed Identity

Configure secure access to pipeline resources

• Configure agent pools
• Use secret variables and variable groups
• Understand secure files
• Configure service connections
• Manage environments
• Secure repositories

Configure and validate permissions

• Configure and validate user permissions
• Configure and validate pipeline permissions
• Configure and validate approval and branch checks
• Manage and audit permissions

Extend a pipeline to use multiple templates

• Create a nested template
• Rewrite the main deployment pipeline
• Configure the pipeline and the application to use tokenization
• Remove plain text secrets
• Restrict agent logging
• Identify and conditionally remove script tasks

Configure secure access to Azure Repos from pipelines

• Configure pipeline access to packages
• Configure pipeline access to credential secrets
• Configure pipeline access to secrets for services
• Use Azure Key Vault to secure secrets
• Explore and secure log files

Configure pipelines to securely use variables and parameters

• Ensure parameter and variable types
• Identify and restrict insecure use of parameters and variables
• Move parameters into a YAML file
• Limit queue time variables
• Validate mandatory variables