Skip to main content

Platform Automation and DevOps

Design Area Overview

Platform automation and DevOps evaluate opportunities to modernize your approach to environmental deployment using infrastructure as code (IaC). These practices are key to delivering scalable, secure, and repeatable Azure Landing Zones and should also be adapted for Microsoft Fabric environments.

Design Area Review

  • Involved roles or functions: Cloud platform engineering, cloud center of excellence (CCoE), DevOps engineers, and infrastructure architects.
  • Scope: Align DevOps principles with the lifecycle management of your Fabric Landing Zone. This includes provisioning, management, updates, and operations through automation and IaC.

Platform Automation

Platform automation allows you to make changes at scale through prescribed, automated processes. It underpins the ability to:

  • Enforce governance and security through repeatable templates.
  • Enable self-service for development and operations teams.
  • Reduce configuration drift across environments.
  • Rapidly iterate and improve infrastructure.

Automation tools such as Azure DevOps, GitHub Actions, and the Microsoft Fabric CLI should be used to build, deploy, and manage landing zones. Templates and modules should be reusable and version-controlled.

DevOps

DevOps is the union of people, process, and products to continuously deliver value. In the context of Fabric Landing Zones, DevOps practices help:

  • Automate the deployment and configuration of workspaces, pipelines, capacities, and Fabric items.
  • Collaborate across teams using Git-based workflows.
  • Monitor, test, and secure deployments through CI/CD practices.

Key Resources:

Development Strategy

Fabric Landing Zones should adopt strong software engineering practices:

  • Lifecycle: Use GitOps to manage the end-to-end lifecycle, including branching, PR reviews, and CI/CD.
  • IaC: Define everything as code using ARM, Bicep, Terraform, or the Fabric CLI.
  • Environments: Implement multienvironment strategies (dev/test/prod) for validation and controlled promotion.
  • Testing: Apply unit and integration testing for infrastructure and workspace items.

Security Considerations

  • Apply least privilege through RBAC and PIM on DevOps tools and environments.
  • Automate security testing in the CI/CD pipeline.
  • Manage secrets and credentials via Azure Key Vault or GitHub secrets.
  • Enforce policy and compliance checks using tools like Azure Policy, GitHub Advanced Security, and Defender for DevOps.

Contributors