Prevent Releases from Being Deployed in Azure DevOps Pipeline - Best Practices

Ensure Compliance with Azure Policy Rules in Release Pipeline

Question

You have an Azure DevOps project named Project1 and an Azure subscription named Sub1.

You need to prevent releases from being deployed unless the releases comply with the Azure Policy rules assigned to Sub1.

What should you do in the release pipeline of Project1?

Answers

Explanations


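A. Add a deployment gate
B. Modify the Deployment queue settings
C. Configure a deployment trigger
D. Create a pipeline variable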

A

You can check policy compliance with gates.

You can extend the approval process for the release by adding a gate. Gates allow you to configure automated calls to external services, where the results are used to approve or reject a deployment.

You can use gates to ensure that the release meets a wide range of criteria, without requiring user intervention.

https://docs.microsoft.com/en-us/azure/devops/pipelines/release/deploy-using-approvals

To prevent releases from being deployed unless they comply with Azure Policy rules assigned to a subscription, you can use Azure Policy integration with Azure DevOps.

To achieve this in the release pipeline of Project1, you need to perform the following steps:

  1. Enable Azure Policy integration: Enable Azure Policy integration in your Azure DevOps organization. To enable it, go to Azure DevOps organization settings > Policy, and then select "Enable" under "Azure Policy".

  2. Create an Azure Policy definition: Create an Azure Policy definition that defines the rules you want to enforce. You can create a new policy definition or use an existing one. For example, you might want to enforce that all resources must have a tag.

  3. Assign the policy definition to Sub1: Assign the policy definition to Sub1, which is the Azure subscription where the resources will be deployed. You can assign the policy definition through the Azure portal or Azure DevOps.

  4. Add an Azure Policy compliance check task to the release pipeline: Add an Azure Policy compliance check task to the release pipeline of Project1. This task checks whether the resources in the release comply with the Azure Policy rules assigned to Sub1.

  5. Configure the release pipeline: Configure the release pipeline to fail if the Azure Policy compliance check task fails. This ensures that releases are not deployed unless they comply with the Azure Policy rules assigned to Sub1.
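The pass/fail decision behind step 5, as an added example that is not part of the original page: a Python check that a pipeline task could run over a policy compliance summary, exiting non-zero so the release fails. The payload is constructed and assumed to follow the Azure Policy Insights summarize layout (`results`, `policyAssignments`); `evaluate_gate` and `exempt_assignments` are hypothetical names.

```python
# Constructed sample, shaped like a policy state summary for a subscription
# scope (assumption: Policy Insights "summarize" field names). The subscription
# ID and assignment names are placeholders, not real values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PREFIX = SUB + "/providers/Microsoft.Authorization/policyAssignments/"
SAMPLE_SUMMARY = {
    "value": [{
        "results": {"nonCompliantResources": 3, "nonCompliantPolicies": 2},
        "policyAssignments": [
            {"policyAssignmentId": PREFIX + "require-tag",
             "results": {"nonCompliantResources": 2}},
            {"policyAssignmentId": PREFIX + "audit-diagnostics",
             "results": {"nonCompliantResources": 1}},
        ],
    }]
}


def evaluate_gate(summary, exempt_assignments=()):
    """Return (passed, findings) for a compliance summary.

    Fails closed: a missing or malformed payload blocks the release
    instead of being read as "nothing is non-compliant".
    exempt_assignments is a hypothetical allowlist of assignment IDs
    that are reported elsewhere and must not block a deployment.
    """
    try:
        assignments = summary["value"][0]["policyAssignments"]
    except (KeyError, IndexError, TypeError):
        return False, ["summary payload missing or malformed; failing closed"]

    exempt = {a.lower() for a in exempt_assignments}  # resource IDs: case-insensitive
    findings = []
    for item in assignments:
        aid = item.get("policyAssignmentId", "<unknown>")
        count = item.get("results", {}).get("nonCompliantResources")
        if not isinstance(count, int):
            findings.append(f"{aid}: no compliance count; treated as non-compliant")
        elif count > 0 and aid.lower() not in exempt:
            findings.append(f"{aid}: {count} non-compliant resource(s)")
    return not findings, findings


if __name__ == "__main__":
    passed, findings = evaluate_gate(SAMPLE_SUMMARY)
    for line in findings:
        print(line)
    raise SystemExit(0 if passed else 1)  # non-zero exit fails the pipeline task
```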

Option A (Add a deployment gate) might not be the best option in this scenario because a deployment gate is a way to pause the deployment until certain conditions are met, but it does not check for Azure Policy compliance.

Option B (Modify the Deployment queue settings) is also not the correct option because the deployment queue settings do not have any functionality related to Azure Policy compliance.

Option C (Configure a deployment trigger) is not relevant to this scenario because it does not have any functionality related to Azure Policy compliance.

Option D (Create a pipeline variable) is not relevant to this scenario because it does not have any functionality related to Azure Policy compliance.