Azure landing zone Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure landing zone Documentation
  2. /
  3. IaC accelerator
  4. /
  5. Phase 1 - Prerequisites
  6. /
  7. Azure DevOps
Edit page

Azure DevOps

This section details the prerequisites for Azure DevOps.

Azure DevOps Prerequisites

When you first create an Azure DevOps organization, it will not have any Microsoft-hosted agents available. If you intend to use Microsoft-hosted agents, you must either license your org or request a free pipeline.

  1. Setup billing for your organization: Set up billing for your organization
  2. Check for and request a free pipeline via the form here: Configure and pay for parallel jobs

If you choose the billing option, you’ll then need to purchase at least one parallel pipeline. You can do this by following the instructions here: Configure and pay for parallel jobs.

Azure DevOps Personal Access Token (PAT)

This first PAT is referred to as token-1.

  1. Navigate to dev.azure.com and sign in to your organization.
  2. Ensure you navigate to the organization you want to deploy to.
  3. Click the User settings icon in the top right and select Personal access tokens.
  4. Click + New Token.
  5. Enter Azure Landing Zone in the Name field.
  6. Alter the Expiration drop down and select Custom defined.
  7. Choose tomorrows date in the date picker.
  8. Click the Show all scopes link at the bottom.
  9. Check the following scopes:
    1. Agent Pools: Read & manage
    2. Build: Read & execute
    3. Code: Full
    4. Environment: Read & manage
    5. Graph: Read & manage
    6. Pipeline Resources: Use & manage
    7. Project and Team: Read, write & manage
    8. Service Connections: Read, query & manage
    9. Variable Groups: Read, create & manage
  10. Click Create.
  11. Copy the token and save it somewhere safe.
  12. Click Close.

If you are using self-hosted runners, you will need to create a second PAT that we’ll refer to as token-2 for them. You can do this by following these steps:

  1. Navigate to dev.azure.com and sign in to your organization.

  2. Ensure you navigate to the organization you want to deploy to.

  3. Click the User settings icon in the top right and select Personal access tokens.

  4. Click + New Token.

  5. Enter Azure Landing Zone Runners in the Name field.

  6. Alter the Expiration drop down and select Custom defined.

  7. Select the maximum value for the Expiration field (this allows up to 1 year).

    Note
    You may want to set a shorter expiration date for security reasons. In either case, you will need to have a process in place to extend the expiration date of the token before it expires.

  8. Click the Show all scopes link at the bottom.

  9. Check the following scope:

    1. Agent Pools: Read & manage

  10. Click Create.

  11. Copy the token and save it somewhere safe.

  12. Click Close.

gdoc_arrow_left_alt Platform Subscriptions and Permissions GitHub gdoc_arrow_right_alt