run adaptive. Simplify Azure DevOps Agent Management with Managed DevOps Pools

Simplify Azure DevOps Agent Management with Managed DevOps Pools

Level: 200
Publishing date: 27-Dec-2024
Author: Catalin Popa

Managing Azure DevOps agents has always been a challenge, but with Managed DevOps Pools, the process has become significantly easier. This blog covers:

• What Managed DevOps Pools are and how they function within Azure

• Their placement in Azure infrastructure and their role

• Available image types and configuring private networking

• A demonstration of Managed DevOps Pools in action

What are Managed DevOps Pools?

Managed DevOps Pools (MDP) provide a streamlined way to create and manage agent pools in Azure DevOps, dynamically provisioning agents based on demand. They build on Virtual Machine Scale Sets (VMSS) but abstract away infrastructure complexities, allowing for an easier, more scalable, and secure agent solution.

Since the underlying VMSS infrastructure is managed within Microsoft’s subscription, MDP effectively operates as a Platform-as-a-Service (PaaS) resource. This means organizations can leverage Azure DevOps agent pools without needing to manage the infrastructure themselves.

Benefits of Managed DevOps Pools:

• Reduced operational overhead – No need to maintain agent infrastructure manually.

• Scalability and reliability – Can handle thousands of agents efficiently.

• Security best practices – Built-in Microsoft security standards.

• Customization – Teams can use custom images tailored to their requirements.

The diagram above illustrates how Managed DevOps Pools work, highlighting their deployment process and infrastructure requirements. When a Managed DevOps Pool is deployed through an Azure DevOps pipeline using a Microsoft-hosted agent, it automatically registers the agent pool in the target Azure DevOps organization—either at the organization level or within a specific project.

Once deployed, the agent pool is ready for use, with Microsoft managing the underlying VMSS instances. This makes the deployment process seamless, requiring minimal manual intervention.

Requirements for Deployment

To successfully deploy and utilize Managed DevOps Pools, ensure the following:

• The Azure DevOps organization must be linked to the Azure Entra ID where the pool is deployed.

• The Microsoft.DevOpsInfrastructure resource provider must be registered in the Azure subscription.

• The service connection principal used in Azure DevOps must have Agent Pool Administrator permissions and a stakeholder license.

• The resources Dev Center and Dev Center Project are required.

Image Types

Managed DevOps Pools support multiple image sources:

Image Type	Description	OS Support
Microsoft Azure Pipeline Images	Mirrors Microsoft-hosted agents with pre-installed software.	Windows Server, Ubuntu
Azure Marketplace Images	Allows selecting VM images from the Azure Marketplace	Windows, Linux (Ubuntu, RHEL, SUSE, Debian)
Azure Compute Gallery Images	Uses organization-managed images stored in an Azure Compute Gallery.	Windows, Linux

For teams transitioning from Microsoft-hosted agents, the Azure Pipeline Images offer a similar experience.

Private Networking

By default, Managed DevOps Pools use a Microsoft-managed virtual network, but they can be configured to integrate with an organization’s private network. To achieve this:

1. Delegate a subnet to Microsoft.DevOpsInfrastructure/pools.

2. Ensure that the DevOpsInfrastructure service principal has permissions to manage networking resources.

3. Assign required permissions (Network Contributor or least-privilege access with subnet join and validation actions).

To retrieve the DevOpsInfrastructure service principal ID, use:

Managed DevOps Pools in Action

Deploying with Azure Bicep

The following Azure Bicep template deploys a Managed DevOps Pool, linking it to a Dev Center and Dev Center Project:

This template sets up:

• A Dev Center and Dev Center Project.

• A Managed DevOps Pool using Windows Server 2022 images.

• A stateless configuration, ensuring fresh agent instances for each job.

Using the Agent Pool in Azure DevOps

Once deployed, the agent pool is visible in Azure DevOps under Agent Pools in the project settings. To use it in an Azure Pipeline, reference it in a YAML configuration:

During execution, the pipeline dynamically provisions an agent from the Managed DevOps Pool and starts the job.

Conclusion

Managed DevOps Pools simplify Azure DevOps agent management by eliminating infrastructure overhead while retaining scalability, security, and flexibility. The Microsoft-managed agent infrastructure ensures reliable deployments, while custom images and private networking allow for tailored configurations.

For teams transitioning from Microsoft-hosted agents, this approach provides a seamless and optimized experience without the complexity of managing agent VMs.