Implement security through a pipeline using Azure DevOps (AZ-2001)

This learning path helps you prepare for the Implement security through a pipeline assessment using Azure DevOps. Learn how to configure and secure Azure Pipelines. You'll also get opportunities to practice hands-on skills. These skills include configuring secure access to pipeline resources, configuring, and validating permissions, configuring a project and repository structure, extending a pipeline, configuring pipelines to use variables and parameters securely, and managing identity for projects, pipelines, and agents.

Module 1: Configure a project and repository structure to support secure pipelines

• Separate a project into team projects and repositories.
• Separate secure files between projects.
• Move the security repository away from a project.
• Assign project and repository permissions.
• Organize a project and repository structure.

Module 2: Configure secure access to pipeline resources

• Identify and mitigate common security threats.
• Configure pipeline access to specific agent pools.
• Manage secret variables and variable groups.
• Secure files and storage.
• Configure service connections.
• Manage environments.
• Secure repositories.

Module 3: Manage identity for projects, pipelines, and agents

• Configure a Microsoft-hosted pool.
• Configure agents for projects.
• Configure agent identities.
• Configure the scope of a service connection.
• Convert to a managed identity in Azure DevOps.

Module 4: Configure and validate permissions

• Configure and validate user permissions.
• Configure and validate pipeline permissions.
• Configure and validate approval and branch checks.
• Manage and audit permissions in Azure DevOps.

Module 5: Extend a pipeline to use multiple templates

• Create nested templates.
• Rewrite the main deployment pipeline.
• Configure the pipeline and the application to use tokenization.
• Remove plain text secrets.
• Restrict agent logging.
• Identify and conditionally remove script tasks in Azure DevOps.

Module 6: Configure secure access to Azure Repos from pipelines

• Configure pipeline access to packages.
• Configure credential secrets, and secrets for services.
• Ensure that the secrets are in the Azure Key Vault.
• Ensure that secrets aren't in the logs.

Module 7: Configure pipelines to securely use variables and parameters

• Ensure that parameters and variables retain their type.
• Identify and restrict insecure use of parameters and variables.
• Move parameters into a YAML file that protects their type.
• Limit variables that can be set at queue time.
• Validate that mandatory variables are present and set correctly in Azure DevOps.

Students should have,

• An Azure Subscription. You need to bring your own subscription.
• Basic knowledge of Azure DevOps.
• Basic knowledge of security concepts like identities and permissions.
• Experience using the Azure portal to create resources like Azure Key Vault and set permissions.

This course is designed for students who are planning to take the Implement security through a pipeline using Azure DevOps assessment, or students who are performing Azure DevOps and Azure Pipelines secure tasks in their day-to-day job.