Unlike server-bound tools, cloud-native solutions aren’t tied to specific teams, offices or regions. They can be quickly and easily embedded into platforms like GitHub and Azure DevOps, then made available across your organisation.  

In addition, because vendors constantly update these solutions, your dev teams gain instant access to the latest AI capabilities and benefit from economies of scale. They also ensure your people always work within a secure, tested infrastructure that keeps pace with an ever-evolving cybersecurity landscape. 

Supercharging output – and imagination 

Take GitHub Copilot agents, for example, which can now handle tasks from automated documentation to app creation. I recently tested one to build an app from scratch – it took just seven minutes. 

The productivity gains are real. Some organisations have seen developer output increase by 25–50%. A senior technology executive at a global bank told me: “I can deliver a 30% productivity improvement for the price of three cups of coffee a month per developer”. Another said their business can now serve 100 times more customers with only twice the staff. The maths adds up. 

But this isn’t just about efficiency. Cloud-native tools can spark a culture of creativity and problem-solving. Freed from routine tasks, devs gain more time to tackle deep-rooted issues like legacy tech debt – or to drive entirely new ideas. For example, at Mercedes-Benz, engineers used GitHub Copilot to automate repetitive coding, freeing them to focus on developing new in-car experiences and intelligent mobility solutions.

Even decades-old mainframe code can now be untangled with AI, helping teams unlock new opportunities faster than ever.

New talent, new expectations 

There’s a vital talent angle, too. Today’s developers expect workplace tools that match the AI they use in everyday life. This is driving organisations to modernise their AI stacks not just to boost productivity but to attract and retain top talent.  

The next generation of devs wants to innovate constantly, using tools that enhance creativity, not hold it back. No surprise that more companies now highlight their use of AI solutions like Microsoft 365 Copilot and GitHub Copilot in recruitment.

Governance is still king 

What about risk? Some business leaders worry AI could generate flawed or unsafe code. But this misunderstands how software development works. 

No one pushes code straight to production without checks, whether it’s written by a human or a machine. AI just gets you there faster, often with better code. Tools like GitHub Advanced Security add extra security with threat scanning, secret detection and compliance at every stage – and with GitHub’s free secret scanning, you can check your organisation’s exposure to leaked secrets today. These are the same tools Microsoft uses to secure its own platforms. 

Executive sponsorship also matters. Organisations with strong C-suite backing move fastest. Many see success where CIOs commit to regular reviews of adoption and KPIs. Success comes not just from the tools but from leadership that prioritises innovation and encourages everyone to contribute. 

Don’t get left behind 

Cloud-native AI is reshaping software development – a shift that could prove as profound as the original computing revolution. With the right tools and a culture of innovation, dev teams can do better, more creative work at greater speed and scale, all within a secure, collaborative environment.  

And this is just the beginning. Agentic AI will soon help teams build multi-role agents and turn skilled developers into super-developers capable of transforming how business gets done. 

For leaders, now is the time to act. Unlock productivity, energise your developers, increase agility and accelerate innovation. And if you’re not using these cloud-native tools yet, there’s a good chance your competitors are. Try them – then try them again. You’ll wonder how your dev teams ever worked without them. 

Find out more 

Register for Microsoft Ignite 

Get the latest dev updates at the Microsoft Build website

Read the e-book: How to modernise your apps: unlock the potential of AI with Azure

About the author

Santosh Takoor is a seasoned technology executive with over 25 years of global leadership experience across digital innovation, enterprise sales, and customer success. Currently serving as Head of Cloud & AI Platform for Public Sector at Microsoft UK, Santosh has held senior roles at Roambee, Salesforce, SAP, and KPMG. He is known for driving transformative growth, scaling enterprise businesses, and championing customer-centric innovation across EMEA and beyond. A Chartered Accountant and MBA graduate from Warwick Business School, Santosh combines strategic insight with operational excellence to deliver impactful business outcomes.

The post Want to accelerate innovation? Empower your dev teams with cloud-native AI tools appeared first on Microsoft Industry Blogs - United Kingdom.

DevOps is a modern application development and delivery approach that helps organisations to release quality software more quickly into production with less defects! Though DevOps itself is not a product, implementing its practices requires services and tools. Microsoft offers two widely used platforms for implementing DevOps practices – the Azure DevOps platform and the GitHub platform.  

Adopting a DevOps approach does not yield benefits in isolation, but rather in conjunction with other concepts such as Agile planning and Cloud computing. By utilising platforms such as GitHub for implementing DevOps practices and Azure for cloud services, organisations can achieve a continuous “Code to Cloud” process. This process emphasizes the use of modern CICD platforms to streamline software development for applications running on cloud-based infrastructure and services, including cloud-managed container orchestration platforms and serverless computing services, instead of relying on traditional on-premises servers and infrastructure. 

Supply chain attacks 

As organisations embrace this approach, security teams are faced with new challenges due to the increased velocity, automation, and decentralisation of the development process. Attackers are increasingly targeting organisations through their software development processes. This is where software supply chain security becomes crucial! The software supply chain encompasses everything necessary to create and deliver software, including IDEs, source control systems, build systems, deployment systems, CICD platforms, runtime environments, and various artifacts such as application code, open-source dependencies, infrastructure code, and deployment artifacts. 

Securing the software supply chain is not an easy task and requires a comprehensive and thorough approach. Figure 1 divides the GitHub to Azure code-to-cloud pipeline into five stages.  

NOTE: GitHub offers multiple product options, but this article will centre on GitHub Enterprise which offers some capabilities that are not available in the other options. Specifically, I will emphasize security areas that I consider crucial but may be overlooked. 

Securing the DEVELOPMENT stage 

The development stage is where the code is created, and the first step towards securing this stage is to ensure that developers are using a secure environment for development. A significant concern is the possibility of a compromised development environment resulting from the use of unpatched IDEs or the installation of vulnerable or malicious extensions. IDEs, like any other application, can contain vulnerabilities and require regular updates to ensure their security. A recent example is CVE-2022-41034, a critical vulnerability disclosed for Visual Studio Code that allows for remote code execution on any system with the IDE installed.  

Using a managed development environment like GitHub Codespaces provides the advantage of quickly applying necessary patches to ensure the environment’s security. In addition to this, each Codespaces environment runs on its own freshly built isolated virtual machine and network with a firewall used to block incoming connections from the internet and internal networks.  

Codespaces also  

Securing the SOURCE CONTROL stage 

The source control stage is where the code is stored, discussed, and managed, and it is essential to ensure that the source code repository is secure. This starts with access controls and permissions. Only authorised individuals should have access to our repositories.  

To access GitHub enterprise services and resources, users need to be authenticated. There are three methods for adding users to our GitHub Enterprise organisation for access (Figure 2).  

The first option is to invite users with their personal GitHub account which enables them to authenticate through GitHub.com and access our organisation resources. With this option, the user maintains control of their identity (since it is their personal account), and can continue to contribute to other enterprises, organisations, and repositories outside of our organisation. 

The second option is to use an external identity provider that supports SAML single sign-on. With this option, users authenticate with an identity in the external SAML provider that is linked to a personal GitHub identity. This means that while users are still utilising a GitHub identity to access our organisation’s resources, the actual authentication takes place through the external identity provider. The identity can be used for contributions to other enterprises, organisations, and repositories outside of our organisation. 

The third option is to use “Enterprise Managed Users“ – EMU which is similar to other single sign-on solutions. With EMU, users will access GitHub organisation resources using a single identity created and managed in the external identity provider. They do not need to have a personal GitHub identity. This gives the most control for enterprise users. 

The recommendation, if you are an enterprise, is to use either the second option or the third option. 

To perform any actions on GitHub, such as creating a pull request in a repository, a person must have sufficient access to the relevant resource. This access is controlled by permissions. A permission is the ability to perform a specific action. For example, the ability to delete an issue is a permission. A role is a set of permissions you can assign to individuals or teams. 

GitHub supports roles at different levels depending on what we are looking to achieve: 

• Organisation-level roles which are sets of permissions that can be assigned to individuals or teams to manage the organisation settings, repositories, teams. 
• Repository-level roles which gives organisation members, outside collaborators and teams of people varying levels of access to repositories. 
• Team-level roles that give permissions to manage a team.  

The recommendation here is to carefully guard and audit assignment of roles like Organisation owners. It is also prudent to be mindful of the base permission set, which affects all members of an organisation who access any of its repositories (except outside collaborators). 

Securing the BUILD stage 

The build stage is where the code is compiled into an executable or deployable artifact, and it is essential to ensure that the build process is secure. Implementing security in this phase involves adding automated security tools like Static application security testing (SAST) tools, software composition analysis (SCA) and unit testing. It is important to test the build output artifacts. 

A key area of concern here is the heavy dependence on open-source libraries, indicating that development teams have transitioned from creating software to assembling it.

Using someone else’s code, however, can come with potential risks. By incorporating their code into your application, you’re essentially giving them access to your code repository. It’s important to consider whether you trust the author and contributors of the code you’re using, as well as whether the code could contain flaws or vulnerabilities that may impact your customers or users. This is especially true for transitive dependencies, which make up a significant portion of JavaScript dependencies. Even if the code you’re using appears to be secure, the transitive dependencies it relies on could contain vulnerabilities that you’re not aware of. 

GitHub Advanced Security includes features for supply chain security that enable you to scan software dependencies for potential vulnerabilities. Additionally, the GitHub Marketplace provides numerous actions that allow you to seamlessly integrate third-party security platforms, such as Prisma Cloud, into your GitHub workflows. This can help ensure that your code is protected and secure from potential threats. 

Securing the DEPLOY stage 

The deploy stage is where software that has been tested and approved (artifact) is sent to the production environment. This may happen without the need for manual intervention (automatically), and it makes it faster and more efficient to roll-out product changes. Implementing security in this phase involves making sure that the artifacts we are releasing and the environment we are releasing them to are verified, secure and compliant. This includes making sure that the artifacts are stored in a secure and trusted location and having processes in place to validate the integrity of the artifacts against tampering. 

GitHub Packages provides a hosting service for storing and managing software packages. Packages are stored in a secure registry, and access is controlled by the user’s authentication and authorisation credentials. 

Many companies also use infrastructure as code (IaC) to set up their environments prior to deploying new or updated artifacts. However, it’s crucial to ensure that these IaC templates adhere to security guidelines and compliance requirements, particularly with regards to encryption, logging, and secure access. 

According to a study by the Unit42 team, several open-source deployment artifacts were analysed, and the results were concerning. Specifically, the study found that 64% of Terraform modules had at least one high or critical insecure configuration, 99% of Kubernetes Helm charts had misconfigurations, and 91% of container images had at least one critical or high severity vulnerability. These findings highlight the importance of thoroughly assessing and validating IaC templates to ensure that they are secure and compliant before deploying them. The extensibility of GitHub with marketplace extensions makes it easy to integrate open-source tools like Chekov for this use case. 

Securing the RUNTIME stage 

In the runtime stage, the focus is on running and maintaining deployed software in the production environment. Implementing security in this phase involves regularly applying security patches and updates to keep the software and runtime environment up to date; Monitoring for security vulnerabilities or breaches; Implementing security controls such as firewalls and intrusion detection systems; Implementing processes for regularly reviewing and analysing security logs to identify potential threats; Establishing processes for responding to and mitigating security incidents. Azure has an excellent security baseline documentation that I recommend looking into.

The post ​​​Securing the Code to Cloud Pipeline with GitHub and Azure​ appeared first on Microsoft Industry Blogs - United Kingdom.

Serverless models abstract the underlying compute infrastructure, allowing developers to focus on business logic without needing extensive startup or maintenance cost to set up the solution. Serverless reduces overall costs since you only pay for the duration the code was executed, meaning an event-driven model is suitable for situations where an event triggers a defined action. For example, receiving an incoming device messages to store for later use, or a database update that needs some further processing.

There are many places to start when it comes to serverless computing, but let’s start with a CI/CD application frontend.

CI/CD for serverless application frontend on Azure

Serverless computing abstracts the servers, infrastructure, and operating systems, allowing developers to focus on application development. A robust CI/CD (or Continuous Integration/Continuous Delivery) of such applications allows companies to ship fully tested and integrated software versions within minutes of development. It provides the backbone of the modern DevOps environment.

But what does CI/CD actually mean?

• Continuous Integration allows development teams to integrate code changes in a shared repository almost instantaneously. This ability, coupled with automated build and testing before the changes are integrated, ensures that only fully functional application code is available for deployment.
• Continuous Delivery allows changes in the source code, configuration, content, and other artefacts to be delivered to production, and ready to be deployed to end-users, as quickly and safely as possible. The process keeps the code in a deployable state at all times. A special case of this is Continuous Deployment, which includes actual deployment to end users.

This tutorial discusses a CI/CD pipeline for the web frontend of a serverless reference implementation. This pipeline is developed using Azure services. The web frontend demonstrates a modern web application, with client-side JavaScript, reusable server-side APIs, and pre-built markup, alternatively called JAMstack. You can find the code in this GitHub repository. The readme describes the steps to download, build, and deploy the application, so be sure to follow along in setting up this serverless instance.

The following diagram describes the CI/CD pipeline used in this sample frontend:

Next Steps

You can create serverless apps using familiar tools right from your own developer environment and on your favourite operating system. Get first-class services to build, test and deploy functions, containers and Kubernetes-based applications.

CI/CD for serverless

• Get unlimited, cloud-hosted private git repos with Azure DevOps. Easily set up continuous integration/continuous delivery (CI/CD), add automatic package management, automatically trigger builds, and deploy to Kubernetes, Azure Functions, Azure Web Apps or any cloud.

App development tools

• Build, run and debug serverless applications with a comprehensive set of developer tools. Use emulators to develop your apps locally for advanced scenarios like Functions and Kubernetes, then easily target them to Azure when you’re ready to deploy.

Further Reading

• View Code walkthrough: Serverless application with Azure Functions on Microsoft Docs
• Create serverless applications on Microsoft Learn
• Create serverless logic with Azure Functions on Microsoft Learn
• Create a long-running serverless workflow with Durable Functions on Microsoft Learn

The post Getting started with serverless on Azure appeared first on Microsoft Industry Blogs - United Kingdom.

Software is complex, but writing software is even more complex. There are so many factors that come into play when writing software that it is hard to think of all the exceptions that might occur and cause all sorts of havoc. We need UI tests, smoke tests, regression tests, edge case tests, integration tests, and so on.

If the organisation relies on us to run all these tests every time they make a change, we would be spending most of their time testing rather than coding.

We as developers and IT Pros know, or should know, how important it is to test the created work. Testing software requires a different mindset than developing software does. When tests are written by developers who are not trained in writing tests, we don’t always get the results at the quality level we need.

To minimise the risks, it would be helpful if we tested our software in many ways, which means we need to have a lot of tests in place. These could come in the form of Unit Tests, Integration Tests, Automated UI tests and many other methods.

Testing also helps during development. We often find that refactoring a piece of code leads to unwanted side effects. Sometimes when fixing a bug, the developers inadvertently introduce new bugs in other parts of the system. Having a good set of unit tests in place might help by alerting the developer that something is wrong.

• Learn more about Test Driven Development (TDD) on Microsoft Docs.

This works only if the testing is done regularly and consistently. Most of us developers know we need to run unit tests to get better software, but that is not enough.

Test automation helps

The answer to this dilemma is obvious: automate the tests.

In Visual Studio, you can turn on the option to run all tests continuously or at least after each build. This way a defect will be caught as soon as possible if the right tests were written. When this setting is on, we cannot forget about running them—the tools remembers this for us.

Other types of tests are more problematic. You usually do not want to run a full integration test after each build because these test runs can take hours.

A better solution would be to have them as part of your build pipeline. If you use Azure DevOps, you can take advantage of the Build Pipelines engine, which enables you to script out all tests and run them whenever you see fit.

For instance, you can build a pipeline that runs after each code check-in. These tests usually include unit tests and some regression tests. They run quickly and notify developers when their code is not accepted.

Other tests, such as UI and integration tests, can be set up to run at a fixed interval. It is customary to have these tests run every night, but in these days of global teams it’s hard to identify what night is. So, you have to come up with a time that works for you.

With Azure Pipelines, you can automate all sorts of builds and tests, including Python, Java, and Mobile, among others.

Where to begin?

Testing is something that needs to be done from the start. To have the biggest chance of success, testing needs to be part of every step of the software design process. During design, planning, development, and deployment, testing should be on everybody’s mind all the time. Test professionals can help with identifying good test cases, but since a lot of the tests are being automated, developers will be part of the test team as well.

We can break down the process as follows:

1. Identify which types of test can be run often and which ones should be run periodically.
2. Write the test plans on a high level
3. Create unit tests
4. Create UI Tests
5. Create integration tests.

But remember, it is very important have these tests in place, and to run them often. If you make them automated where possible, and as part of your build pipeline, you can never forget to run them.

Learn More

• Read up on Unit Testing on Microsoft Docs
• Run quality tests in your build pipeline by using Azure Pipelines
• Run functional tests in Azure Pipelines
• Deploy applications with Azure DevOps
• Develop, test, and deploy an Azure Function with Visual Studio

The post How to create an effective test plan appeared first on Microsoft Industry Blogs - United Kingdom.

As a society, we use apps to manage, connect and augment our day-to-day lives. So, it’s understandable that when we go to work, we expect to have the same. Apps can help organisations modernise processes, create new innovations and uncover opportunities.

According to the IDC, this growing demand for digital solutions means that 500 million new applications will be built in the next five years. And with a shortfall of 4 million developers predicted by 2025, most organisations don’t have enough developers to create the apps they need. We call this the App Gap Challenge:

The gap between the number of software developers you have today and the number of software developers you need to build the next generation of apps.

So how can organisations solve this? Low/no code platforms like Microsoft Power Apps can help speed up app development and democratise it across the organisation.

Empower developers to innovate with low/no code

Low/no code solutions allows the rapid building of solutions that automate and streamline routine tasks. This allows developers to focus on more high-value, complex work. According to The Total Economic Impact™ Of Power Apps commissioned study by Forrester Consulting, Power Apps can reduce app development and costs by 74 percent.

It can also help organisations drive a growth mindset culture in development teams. They can use Power Apps to quickly prototype a new idea and deploy this capability rapidly.

Take, for example, AstraZeneca’s HealthyMind app. The biopharmaceutical company wanted to ensure their employees had convenient, secure access to mental health resources. It took the developer team just four months to build the solution on Power Apps.

“Key to the choice [of Power Apps] was its ease of use. It is low code, so it is quick to develop and deploy. This all meant that we were able to design and build HealthyMind very quickly,” says Matt O’Halloran, Head of Workplace and Enterprise Services at AstraZeneca.

A platform like Power Apps can also connect to hundreds of different data sources including Microsoft Dataverse. This brings all your business data together into a single source of truth. Your developers can easily customise and extend capabilities in Azure and leverage business data from your systems of record such as Microsoft Dynamics 365 and Surface through Microsoft 365.

“[HealthyMind’s] natural integration with the broader suite that we use enabled us to deliver the application within the context of Teams, which was another game-changing factor,” says O’Halloran.

Drive digitisation with citizen development

With low/no code, development is democratised throughout your organisation. It allows anyone to solve business problems themselves.

At Centrica, citizen developers have built over 1,000 apps.

“We’ve really embraced this technology in Centrica. We’ve made an effort to be on the front foot and use the latest technology first, rather than waiting for it to be embedded and then acting,” says James Boswell, Director, Design and Engineering at Centrica. “It was a conscious risk but it’s worked really well – it’s giving us some great benefits and rewards and we’re well on the way to ensuring all our employees are digital employees.” 

For the energy services and solutions company, Power Apps has changed perceptions and steered to business-led development. Take, their finance team for example, in a couple of months they built an app that simplified and automated coordinating tax returns across different regimes. 

Build fusion teams to digitise and innovate faster

What happens when you combine your pro developers and citizen developers? You build fusion teams and unlock the true value of low/no code. According to Gartner, 84 percent of companies already have a fusion team.

By bringing together people with different experiences and knowledge into a multi-disciplinary team, you’ll build more innovative, inclusive apps, faster.

In a fusion team, citizen developers, with the support of pro developers, can rapidly build more complex applications. Citizen developers can focus on the UI, whilst pro developers can create and manage the APIs needed to enrich the application with key data sources. This accelerates time-to-delivery. Fusion teams can deploy solutions up to two and a half times faster than traditional siloed teams.

Centrica used a fusion team to develop an app that matches Centrica volunteers with people from the Trussell Trust charity.

“We’ve got people from all over the business working together. Some are working on the development work, some on the UI, some acting as scrum masters to manage the project. It’s all being done by people who came to the clinics and volunteered. And it will be a huge help to the Trussell Trust,” says Roy Young, Global Head of Office 365.

Build a fusion team

1. Find your use case

Pick a relevant problem that needs solving quickly and when solved, provides a considerable impact.

• Assemble your team

Have a mixture of proactive employees from across many lines of business, such as customer service, developers, team leaders, business leads.

• Plan your roadmap

Determine how much time it’ll take to create, implement, and produce results. Make sure you have time to troubleshoot and determine which solutions work best.

• Accept mistakes along the way

By working in an agile environment, your team will constantly be testing and may have to be ready to pivot when necessary.

Drive digitalisation and innovation

Power Apps helps organisations increase agility by giving everyone the ability to rapidly build low-code apps that drive innovation, modernise processes and solve tough challenges.

Cara Barratt, Workplace Transformation Lead at AstraZeneca agrees, “…we’re really looking at how we can empower our colleagues across AstraZeneca so those that have great ideas can develop their own use cases.”

Find out more

Accelerate innovation with low-code

Microsoft Power Apps

Join a Power App Microsoft Training Day

Make app building easier

Take the Fusion Development Learning Path

Take a fusion development approach to building apps

About the author

As a Power Platform Technical Specialist at Microsoft, Simon takes great pride in helping companies solve their business problems and generate insight into data, providing rapid answers to business questions through use of the Power Platform (specifically Power BI, Power Apps, Power Automate, Power Virtual Agents, Dataverse and AI Builder). He enjoys working with the people in customer organisations who are helping to drive transformation using this technology and seeing the impact it has on their organisations and their careers.

The post How low/no code solutions can accelerate innovation and digitisation appeared first on Microsoft Industry Blogs - United Kingdom.

Welcome to our new MVP Spotlight series! We’ll be talking with some of the wonderful people in our MVP program about their areas of expertise, so that we can learn more about how they got started and their recommendations for others doing the same. We’ll also point you towards the resources they’ve worked on, whether it be articles, videos or podcasts, to help you level-up your own skills.

Meet Marcel, DevOps MVP

This time I caught up with Marcel Lupo, where I asked him about his personal DevOps journey, and how others can get started on their own.

Chris: Introduce yourself!

Marcel: I’m a Microsoft DevOps MVP, Cloud Solutions & DevOps Architect and technical speaker focused on Microsoft technologies in the Azure cloud platform. I specialise particularly in Automation, DevOps and Developer Technologies, with a strong focus on Infrastructure as Code (IaC), Azure DevOps and GitHub. I am passionate about technology and how it can be used in automation to bring true value and solve complex business problems.

I’m a regular speaker at conferences and meetups, and enjoy sharing knowledge and technical content with the wider tech community. I currently work at Avanade UK&I as a Group Manager in DevOps Engineering. As a global DevOps lead for infrastructure and operations professionals, I help build next-generation operating models for digital organisations and help them adopt DevOps culture and innovate on cloud platform services such as Azure.

C: How did you get into DevOps?

M: Coming mainly from the OPS end of the spectrum, I started out as a very seasoned sysadmin with over 18 years’ experience across large and small companies where I had always taken the “Automate everything” approach. I saw the role of systems administration as a role that shouldn’t exist if a system was configured and maintained right.

So wherever I worked I wanted to make things easier not only for myself but for others around me, empowering myself and others to accelerate and succeed in tasks taken on the day to day. I looked at every process and improved on it, taking any repetitive tasks and automating them. I wanted to make things simpler, such as changing 10-step manual processes to a “zero-touch” fully automated solution. Spotting and improving inefficiencies with companies I worked with was also high on my list of objectives.

I transitioned into what is known today as DevOps naturally due to my past working experience with automation. The exposure working alongside developers and embracing the “DEV” culture and the way we worked together meant we ultimately adapted the same practises and disciplines into Operational teams, Security teams and IT teams, where we shared a lot of amazing success stories. We worked with large companies using the Microsoft Cloud to continuously innovate and do incredible things, but most of all to increase efficiencies through the automation of build and deployment, through scalable workloads and much more.

C: Why should other people adopt DevOps?

M: There are so many benefits to adopting DevOps and it’s by no means limited to the following, but DevOps has been proven to increase the speed, efficiency and quality of software delivery as well as improving staff morale and motivation. It removes the communication barriers between teams, therefore removing the reliance on the availability of an individual person or team for software delivery to progress. Efficiency is increased as decisions are made collectively by all involved, and feedback to those decisions is rapid.

Work quality is also improved by the introduction of automation which removes repetitive tasks. DevOps delivers applications, infrastructure and even security in a consistent fashion, removing the mistakes that humans typically make. As the burden of manual work is removed from staff members, they can then focus on more creative work that increases their job satisfaction and adds real value to the organisation.

By establishing automated services, the ongoing operational costs are lower than the human equivalent. There is also a significant speed advantage as automated processes are much faster. The quality of the entire release process improves because steps in the pipeline become standardised, thus creating predictable outcomes.

The DevOps approach results in ease, reliability and confidence to release frequently. This allows for continuous feedback to be rapidly incorporated into future releases, whether that be for software delivery, infrastructure builds or even operational and security automation to be truly Agile.

C: Do you have any tips for people starting their DevOps journey?

M: DevOps is without a doubt the future. It can be applied everywhere – it’s not just for developers developing applications or a product. DevOps can be applied to Infrastructure, Operational tasks, and even Security. When it comes to identifying skillsets and the need for the understanding of how to work in a DevOps environment, there is no doubting that it is becoming more and more important.

DevOps is certainly a culture, and not a role, so my advice is to begin learning as much as possible about DevOps and the culture behind it. It can be applied to almost any environment, as it’s not limited to software delivery. Having prior development or developer experience can also be particularly helpful, but it’s not essential, coming from a non-developer background myself.

I would say that I never saw myself as a developer, but in reality, if you write any sort of automation scripts whether that be PowerShell, Python, Bash… you are essentially a developer.

For anyone starting out, I would recommend learning at least one scripting language and try to automate tasks. Start with the foundations first and also learn about cloud and what cloud platforms are and when to use them. Look at how you can adopt cloud technology and automation together. Microsoft has some amazing foundational courses and certifications in their cloud platform, Azure. But most of all, have fun!

Marcel’s DevOps content

Fortunately for us, Marcel has written a wealth of content both on DevOps and on topics related to it, so it’s a great way to get stuck in. Check out our curated selection of articles below, but be sure to check Dev.to for a more comprehensive list of everything that is available.

Articles

• GitHub Codespaces Pro Tips
  • Introduction to GitHub Codespaces – Building your first Dev Container
  • Integrating Azure DevOps with GitHub – Hybrid Model
  • Hosting your self hosted runners on GitHub Codespaces
  • Hosting Azure DevOps Pipelines agents on GitHub Codespaces
• Terraform Pro Tips
  • Connect Terraform to Azure DevOps Git Repos over SSH
  • Terraform – Complex Variable Types
  • Terraform – Sensitive Output
  • Terraform – Creating dynamic variables using locals
  • Terraform – Filter results using ‘for’ loops
  • Terraform – Selective configuration with ‘lookup()’
• Self Hosted GitHub Runner containers on Azure
  • Create a Docker based Self Hosted GitHub runner Windows container
  • Create a Docker based Self Hosted GitHub runner Linux container
  • Build Docker based GitHub runner containers on Azure Container Registry (ACR)
  • Run Docker based GitHub runner containers on Azure Container Instances (ACI)
  • Autoscaling self hosted GitHub runner containers with Azure Container Apps (ACA)
  • Run Docker based GitHub runner containers on GitHub Codespaces

Videos and Podcasts

• Automate Azure Role Based Access Control using Azure DevOps
• Automate password rotation with Github and Azure
• Automate Azure Resource Decommissions (with tracking)

You can find Marcel on Dev.to and Twitter. He’s also organising and speaking at the London Microsoft DevOps Meetup on November 2nd.

Learn more

• Improve your DevOps practices with these ebooks
• How you can improve your DevOps practices
• The five most common mistakes approaching DevOps
• An introduction to DevSecOps

The post MVP Spotlight: Learning DevOps with Marcel Lupo appeared first on Microsoft Industry Blogs - United Kingdom.

We have been bombarded with marketing telling us that the future is the cloud and that we must migrate everything. The reality is that hybrid, I believe, is a permanent state. It’s not just a transition. A lot of IT Pros wonder how to get started – to integrate the goodness of cloud services in a way that brings value and efficiencies without the need for a complete rip and replace.

Case in point, I spoke to a conference attendee last month in Vienna and he made a statement that stuck with me. He basically said that it was easier to find guidance on migrating everything than finding guidance on slowly integrating cloud services in his environment when it makes sense. I can’t confirm his findings, but I can agree that finding the right information for each specific situation can sometimes be challenging.

Our approach to hybrid environments is to be consistent – it’s the way we enable unified management, common identity framework and security. Taking that approach also allows for seamless extension to the cloud when it makes sense for you. This is where technologies like Azure Arc are so impactful as they simplify the way to provide a centralised, unified way to:

• Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.
• Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure regardless of their location.
• Use familiar Azure services and management capabilities, regardless of where they live.
• Continue using traditional ITOps while introducing DevOps practices to support new cloud native patterns in your environment.
• Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

To that end, our team has started a series that will take you on a journey. A journey of a typical on-prem only environment where we gradually implement cloud services to lighten up efficiencies and the power of cloud services to the benefit of the business. Step by step, with a look at why and not just how you too should look at cloud services:

• Connecting your environment to the cloud.
• Connect to your on-prem server from anywhere.
• Setting up DNS in a Hybrid Environment.
• Securely Manage my On-prem Server Using Cloud services.
• Planning the Monitoring of my hybrid environment.
• Apply Azure Policy to Azure Arc-enabled Servers in a Hybrid environment.
• How does Azure Stack HCI fit into Hybrid Cloud Services?

More articles will be added to this list in the near future. However, we are very interested in hearing about your challenges in this area, and as such we have set up an email address you can use to tell us about the scenarios you are challenged with. You can reach us at ITOpsTalk-Feedback@microsoft.com or as usual on our discord server.

Cheers!

Learn more

• This article was written for the Monthly TechNet UK IT Pro Newsletter – sign up today!
• A look at the announcements from Microsoft Build 2022
• What to catch up on from Build 2022
• New Azure features and functionality for July​ 2022 – Microsoft Build edition

The post Applying cloud goodness to your existing environments appeared first on Microsoft Industry Blogs - United Kingdom.

Many believe that it’s difficult to get started with Azure DevOps, but that’s really not the case.

Azure DevOps can deploy to any cloud on-premise, and you can bring any code to our tooling. This means it’s not just for Windows developers, or .NET developers, but for everyone – be it multi-platform, open source, or your on-premise environment.

One thing it’s really great for is CICD – or Continuous Integration, Continuous Delivery – and it does this with automation. So things like infrastructure code, using third-party tools like Terraform, or deploying ARM templates into Azure, can all be done automatically. You can even look at automating your actual code with your developers using Azure pipelines.

Azure DevOps can also manage projects and tasks. It’s great for project managers to know what tasks exist, when they’re being assigned to each person, and when they’ve been completed. It’s also possible to see which tasks are creating blockers, so you can manage your workflow more effectively.

To help you along your DevOps journey, we’re taking a look at some of the best free ebooks from Microsoft. Enjoy!

Azure DevOps explained

Deliver quality applications efficiently and at scale with Azure DevOps tools for every phase of the development lifecycle. Get this e-book to help you plan projects, collaborate on code development, and build and deploy applications faster. Also, explore ways to increase quality and customer satisfaction with continuous software delivery.

In Azure DevOps explained, you’ll find DevOps principles and follow tutorials to learn how to:

• Manage projects with Kanban boards and securely manage source code with repositories.
• Enable continuous integration and continuous delivery (CI/CD) by creating build and release pipelines with fully integrated package management.
• Send applications faster by using GitHub and Azure DevOps together.
• Improve code quality and manage project testing lifecycles with Azure Test Plans.
• Set up CI/CD pipelines for .NET-based applications and container-based infrastructures with step-by-step instructions.

Visualise your DevOps workflow

Visualising your end-to-end DevOps workflow can be tough. Being able to see your workflow will allow you to see your strengths and where you have room to optimise your tooling. The DevOps Workflow Generator will allow you to configure and visualise your specific workflow – exportable in one easy-to-read report that you can download on demand.

Additionally, we’ll be taking the aggregated, anonymous data from this tool and reporting the latest trends that we find to you. We’re looking forward to learning more and to sharing our findings with you.

6 tips to integrate security into your DevOps practices

DevOps proven practices illustrate how collaboration between developer and operations teams leads to faster software delivery. Now, the issue facing digital leaders is the security and compliancy of their code, workflows and infrastructure. The logical next step: integrate your security team with the existing DevOps team – breaking down another organisational silo. In this e-book, you will learn how to:

• Develop a security-first company culture to drive DevSecOps adoption
• Proactively secure your code, workflows, infrastructure and software supply chain against vulnerabilities
• Provide your teams with shared tooling and best practices to enable end-to-end visibility and traceability
• Leverage improved insights and policy automation to realise continuous compliancy

Securing Enterprise DevOps Environments

Download the Microsoft & Sogeti e-book, Securing Enterprise DevOps Environments, to learn to fortify all three attack surfaces of enterprise DevOps environments and implement the culture changes necessary to thrive in our dangerous new world. We’ll explore the ideal secure and regulatory-ready setup of Enterprise DevOps tools and practices, focusing on three specific areas:

• Secure the developer environment.
• Secure the DevOps platform environments.
• Secure the application environments.

MLOps with Azure Machine Learning

Not every organisation’s machine learning DevOps (MLOps) requirements are the same. The MLOps architecture for a large, multinational enterprise is unlikely to fit a small startup. Organisations start small and build up as their maturity, model catalogue, and experience grow.

Microsoft aims to meet organisations where they are on their ML/AI journey. Our leading technologies and robust MLOps capabilities can help you accelerate the machine learning lifecycle and empower data scientists and developers to build, train, and deploy models on a secure, trusted platform that supports a wide range of productive experiences and is designed for responsible machine learning.

Useful Links

• An introduction to DevSecOps
• Get stuck into more DevOps on Microsoft Learn
• How to get started with Microsoft certifications
• View live and on-demand sessions on Azure and more on Microsoft Learn TV

The post Improve your DevOps practices with these ebooks appeared first on Microsoft Industry Blogs - United Kingdom.

DevOps is a way of working that lets you better respond to your industry’s trends and your customer’s needs. But knowing what DevOps is is only the beginning – what really matters, at an organisational level, is its effective deployment. Understanding how best to execute DevOps means empowering a more agile business that can innovate at the drop of a hat.

In the digital workplace, you don’t want to be playing catch-up. That’s when competitors gain the advantage. By correctly implementing DevOps – and embracing it throughout your organisation’s culture – you can transform your efficiency and effectiveness.

1. Create a Value Stream Map

Before you can move your DevOps forward, you should spend time looking at the way it is now. If you haven’t introduced DevOps into your business yet, then use this time to study your current processes.

What you’re aiming to identify is:

• What’s working?
• Where can improvements be made?
• Have your processes scaled as your business has grown?

One of the best ways to do this is to create a Value Stream Map.

This is a visual method of charting the way you work now. Start by determining your start and end points – for instance, from the manufacture of a product to the customer’s purchase. Between those two, add each step of your process. Leave nothing out. Along the bottom of the map, add a timeline, showing how long each step takes. Now, you can see at a glance where time is wasted and how DevOps can improve output.

During this early stage, you should determine what you want to achieve from your reformulated DevOps. This might be increasing efficiencies or reducing the time spent on activities that don’t add value to your customers. Try to distil these desires down to two or three goals. This way, you can keep your entire team focused on them.

2. Get buy-in across the business

Change can be scary – and because DevOps has the potential to alter everything across your organisation, you may find you get push-back from parts of the workforce. Look out for complaints like ‘But we’ve always done it that way.’

You’ll need to gain buy-in from employees, and buy-in begins – where else? – at the beginning. You can’t one day foist new processes on an unsuspecting team. Well, you can, but the results will be poor. Nor can you simply explain why the new ways are better than the bad old days.

Share your vision. Show how the business will improve using the Value Stream Map you created. Ask them for their ideas, too, as this encourages employees to take joint-ownership over the new practices as they join you on the journey.

You’ll find that “union of people, process, and products” is more unified with everyone on-board.

3. Use the right tools

Make sure you’re equipping your whole team with the best tools for the job that won’t cause your team to waste more time. The wrong tools or lazy workarounds will only exacerbate the issues you’re trying to iron out.

The Azure DevOps suite of tools can be used by any business looking to improve the employee and customer experience. You’re free to use them regardless of your chosen operating system or whether you’re in the cloud on on-premises.

There are five tools to support you:

• Azure Boards can be used by multiple teams to plan, track, and collaborate on work
• Azure Pipelines is for building, testing, and deploying
• Azure Test Plans is a manual and exploratory toolkit
• Azure Repos lets you store unlimited Git repos in the cloud
• Azure Artifacts enables you to create, host and share package feeds

This gives you the complete end-to-end package. You’ll always have access to tools that cover every aspect of DevOps delivery, from the planning stage to deployment.

To begin, visit dev.azure.com and click ‘Start free’. Once you’re logged in with a Microsoft account, you can create a new organisation and get started.

4. Think agile, stay agile

You’ve likely heard the software development term ‘agile’ before. It’s a principle that states that you can achieve better results by valuing…

• Individuals and interactions over processes and tools
• Working software over comprehensive documentation
• Customer collaboration over contract negotiation
• Responding to change over following a plan

It’s so easy to get locked into a certain mind-set, following clunky processes not because they make sense but because ‘that’s how we do it’. That’s not your fault, nor the fault of your team. It happens to all businesses as they scale up. But who benefits from these processes?

Thinking ‘agile’ means you become more open and proactive as a business. The result is, an enhanced employee experience and service levels, leading to a rise in customer satisfaction.

To take a more agile approach, start using Azure Boards. This DevOps tool is ready-made for planning and prioritising changes, and assigning specific tasks to people. You may also find it useful to refer back to your value stream map.

5. Don’t stop innovating

Integrating DevOps into your business is a gradual process. Far too many businesses balk at the time it can take to properly implement new processes, or grow impatient because results aren’t instant. However, there’s an even worse sin: stopping immediately after completion.

The most successful DevOps users are continually monitoring and testing; regularly tweaking processes to suit business needs, and integrating security into their software. This lets them deploy on a more regular basis, with a greater predictability and security – and again, that benefits employees and customers who receives the end-product.

Glean as much data as you can throughout the process. Every change, every tweak to your process offers up more information that will help you improve operations with every iteration.

Find out more

• Get started with Azure DevOps
• The five most common mistakes approaching DevOps
• An introduction to DevSecOps
• How you and your team can improve communication this year
• How Evolv are using Azure DevOps to help develop affordable rehabilitation technologies

The post How you can improve your DevOps practices appeared first on Microsoft Industry Blogs - United Kingdom.

Security is a key part of DevOps. But how does a team know it’s secure? Is it ever really possible to deliver a completely secure service?

Unfortunately, the answer is no. DevSecOps is a continuous and ongoing effort that requires the attention of everyone on the team. While the job is never truly done, the practices teams employ to prevent and handle breaches produce systems that are as secure and resilient as possible.

Teams that don’t have a formal DevSecOps strategy are encouraged to begin the planning as soon as possible. At first there may be some resistance from team members who don’t fully appreciate the threats that exist. Others may not feel that the team is equipped to face the problem and that any special investment would be a wasteful distraction from shipping features. However, it’s necessary to begin the conversation to build consensus as to the nature of the risks, how the team can mitigate them, and whether the team needs resources they don’t currently have.

Resources

• Microsoft Learn: Introduction to DevOps
• Microsoft Learn: Introduction to Azure DevOps
• Microsoft Learn: Work with Azure Repos and GitHub

Get started with DevSecOps

With Microsoft Learn, you can kick off your journey into DevSecOps with easy to understand training – and best of all, it’s free! This is the perfect way to work through new software.

• Microsoft Learn: Introduction to Secure DevOps
• Microsoft Learn: Provision and test environments
• Microsoft Learn: Security Monitoring and Governance

Learn more about DevSecOps

Already using DevSecOps and want to go further? Whether it’s learning something new within DevSecOps or becoming certified, there’s plenty more to explore and discover.

• Watch: Secure GitHub Actions with Azure Workload Identity Federation
• Watch: Secure DevOps with Pulumi and Terraform
• Watch: Secure DevOps with ARM and Bicep

Further resources

• DevSecOps on Microsoft Docs
• Getting started with Azure DevOps
• The five most common mistakes approaching DevOps
• View available Microsoft Certifications
• Sign up for the Monthly TechNet UK IT Pro Newsletter for more!

The post An introduction to DevSecOps appeared first on Microsoft Industry Blogs - United Kingdom.