{"id":11846,"date":"2024-03-27T07:18:03","date_gmt":"2024-03-27T14:18:03","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11846"},"modified":"2024-03-27T09:16:16","modified_gmt":"2024-03-27T16:16:16","slug":"streamlining-engineering-at-microsoft-with-azure-devops","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/streamlining-engineering-at-microsoft-with-azure-devops\/","title":{"rendered":"Streamlining engineering at Microsoft with Azure DevOps"},"content":{"rendered":"

\"MicrosoftMicrosoft runs on Microsoft technology. We are the proving ground for our products and when we say that software is enterprise-ready this means that we have already built it for and run it at scale in our own enterprise.<\/p>\n

We are in the business of building the future of technology. And more often than not, our software is built using Microsoft Azure DevOps.<\/p>\n

Microsoft is undergoing a mission to transform the way we work. There are three key pillars to this strategy: tools, processes, and people.<\/p>\n

\u2014Heather Pfluger, general manager of Infrastructure & Engineering Services in Microsoft Digital Employee Experience<\/p>\n<\/blockquote>\n

Microsoft Azure DevOps was designed to support enterprise teams who need a collaboration and product management tool with organizational structures and robust security controls that meet the real world of how teams are actually run. With Microsoft Azure DevOps we can smartly plan our projects, improve collaboration, and ship our products faster with increased visibility, security, and efficiency.<\/p>\n

\u201cMicrosoft is undergoing a mission to transform the way we work. There are three key pillars to this strategy: tools, processes, and people,\u201d says Heather Pfluger, general manager of Infrastructure & Engineering Services in Microsoft Digital Employee Experience (MDEE), the company\u2019s IT organization. \u201cBut the operative change is to our culture.\u201d<\/p>\n

We take pride in developing our software through the real-world use of our global teams. We refer to ourselves in these cases as \u201cCustomer Zero,\u201d where we effectively are the launch customer for our product engineering teams. This allows our employees to use leading-edge solutions before our customers to improve our products based on our real-world usage.<\/p>\n

Shifting left: building a tool for the modern engineering environment<\/h2>\n

This story begins with the launch of Windows Azure in 2008, which became Microsoft Azure in 2010 and really started to come of age by 2014. That’s when MDEE, and nearly every other team at Microsoft, began migrating their legacy workloads to Azure. The team that became MDEE team was faced with a momentous leap forward due to the cloud, enabling an opportunity to revolutionize our engineering processes.<\/p>\n

One way that we describe this culture shift internally is \u201cshifting left.\u201d We are moving our engineering focus closer to our dev teams by giving them more tools and more power to efficiently drive their progress right at the early stage of development.<\/p>\n

\"A
Our timeline for moving the company to the cloud.<\/figcaption><\/figure>\n

They have what they need to do their job at hand while at the same time introducing efficiencies in team structure, organization, and security. What used to take a large team of engineers and testers to accomplish is now taken care of by leaner, more agile developer teams themselves with the aid of automations and Microsoft Azure\u2019s inherent security features.<\/p>\n

Microsoft Azure DevOps is all about productivity for developers, and over many years of refining our processes we\u2019ve increased both the quality and velocity of our output. We have the entire MDEE organization running on a single Azure DevOps instance, which gives unprecedented visibility and accountability for our processes.<\/p>\n

In an organization our size, which has been creating software for as long as we have, a recurring concern is the long-term traceability and maintenance of our code. Today, we have new processes in place to better organize our output and make it easier for future Microsoft engineers to understand what we\u2019ve built.<\/p>\n

\u201cUsing area paths, we mapped out the entire organization and created a hard chain of custody for every line of code, in every repo,\u201d says Martin O\u2019Flaherty, principal PM manager of the MDEE Engineering Systems team. \u201cIf you create something, it will be tied to a repo, which will be tied to a team. No longer will there be code that can\u2019t be accounted for \u2013 it\u2019s all hard-wired in the backend. If something goes wrong, we immediately have a point of contact for the person who is accountable to remediate the issue.\u201d<\/p>\n

[However] the journey never ends, as technology is always evolving.<\/p>\n

\u2014Martin O’Flaherty, principal PM manager of the MDEE Engineering Systems team<\/p>\n<\/blockquote>\n

On our single Microsoft Azure DevOps instance, we have thousands of daily active users, thousands of repos, and more than 20,000 build and release pipelines. We\u2019ve shown that Azure DevOps, right out of the box, can not only handle our scale but it excels at it. Azure DevOps is propelling us forward and accelerating our progress.<\/p>\n

Get clean and stay clean<\/h2>\n

A significant opportunity we had with moving our entire engineering team to a common deployment of Microsoft Azure DevOps was cataloging and consolidating all our services. This process, which started five years ago, led to the retirement of nearly 30 percent of our legacy applications, while enabling us to deploy what remained rest to the cloud. By carefully selecting the applications and processes to continue and others to sunset, we quickly improved our security posture. We refer to this era as \u201cgetting clean.\u201d<\/p>\n

\u201c[However] the journey never ends, as technology is always evolving,\u201d O\u2019Flaherty says. \u201cWhat we considered secure in 2017 is so rudimentary to how we approach things now. This is why we must \u2018stay clean\u2019 by continually monitoring the guardrails we put in place for our developers.\u201d<\/p>\n

Pursuing the mission of maintaining a strong security posture throughout our Microsoft Azure DevOps instance supports a simple imperative: if our primary tool for developing code isn\u2019t secure, nothing we produce will be secure.<\/p>\n

\"A
A potential distribution of an Azure portfolio that aims to reduce complexity.<\/figcaption><\/figure>\n

To accomplish \u201cstaying clean,\u201d we have designed, enacted, and maintained a clear security and compliance framework within Microsoft Azure DevOps. We\u2019ve streamlined our pipelines and deployed common protocols to all our teams, which ensures all our releases are held to the same high security standards.<\/p>\n

Security, across the board<\/h2>\n
\"Gray
Damon Gray (left) and Martin O\u2019Flaherty are two members of the Microsoft Digital Employee Experience team who have lead efforts with bringing our team on board Azure DevOps.<\/figcaption><\/figure>\n

We have also \u201cshifted left\u201d our application security posture. We\u2019ve moved our security focus closer to the developer by utilizing breakthroughs in technology and strategy like GitHub Advanced Security for Microsoft Azure DevOps<\/a>. This new tool, currently in public preview, automatically scans new code to ensure there are no secret leaks or exposures in your Microsoft Azure repos.<\/p>\n

This is a powerful advance in security technology that pushes the boundary of our security posture to the code itself, right as it is being written. It alerts the developer in real time to potential errors or security concerns. By moving security and testing earlier in the development process we further enhance security during product development and reduce the risk of errors being released.<\/p>\n

The security revolution powered by Microsoft Azure DevOps and running on a single instance is paying dividends for MDEE. Now, we universally apply and monitor security policies rather than relying on each team to set their own parameters. By utilizing common guardrails, we are able to monitor and apply policies across the board. We’ve baked in security early in the development cycle, and it\u2019s done automatically and consistently.<\/p>\n

Mature software that is enterprise ready<\/h2>\n

New customers to Microsoft Azure DevOps gain from all of the efficiencies and learnings MDEE has pioneered as customer zero. It\u2019s now a mature product with a lengthy track record, and it works right out of the box.<\/p>\n

\u201cIf I was advising a new enterprise just starting out with Azure DevOps, I would tell them to not just copy our way of doing things,\u201d says Damon Gray, principal group engineering manager for Optimization, Engineering & Networking Services in MDEE. \u201cThey can smartly set up their instance themselves and add the guardrails that fit their organization over time. Within the day, right out of the box, they\u2019ll be securely submitting and releasing code to the cloud.\u201d<\/p>\n

Companies of our scale require robust and customizable solutions to allow teams to build with the freedom to push the envelope of what\u2019s possible. Microsoft Azure DevOps was designed, built, tested, and optimized to make our teams as efficient and secure as they need to be. We build the future of software at Microsoft, and this software is built with Azure DevOps.<\/p>\n

\u201cAzure DevOps is the tool that we utilize company-wide to allow our teams to build the future, wherever in the world they are working,\u201d Pfluger says.<\/p>\n

\"Key
\nHere are some tips you can use to help you get started with Microsoft Azure DevOps:<\/p>\n