Exam Quick Facts
| Detail | Value |
|---|---|
| Exam Code | AZ-400 |
| Title | Designing and Implementing Microsoft DevOps Solutions |
| Level | Expert |
| Pass Score | 700 / 1000 |
| Duration | 120 minutes |
| Questions | ~40–60 (multiple choice, case studies, labs) |
| Cost | $165 USD (varies by region) |
| Scheduling | Pearson VUE |
| Skills Updated | April 24, 2026 |
Official Learning Paths
- 📘 Work with Git for enterprise DevOps — Branching, PRs, repos, Git LFS
- 📘 Implement CI with Azure Pipelines and GitHub Actions — Build pipelines, testing, packages
- 📘 Design and implement a release strategy — Deployment patterns, feature flags
- 📘 Implement secure continuous deployment — IaC, Bicep, Terraform, deployment environments
- 📘 Implement security and validate code bases — GitHub Advanced Security, Defender for DevOps
- 📘 Implement continuous feedback — Azure Monitor, Application Insights
📖 Study Resources
| Resource | Link |
|---|---|
| 📝 Official Exam Page | Microsoft Learn — AZ-400 |
| 📖 Official Study Guide | Microsoft Study Guide |
| 🎯 Free Practice Assessment | Start Practice Assessment |
| 🖥️ Exam Sandbox | Try the exam interface |
| 🎬 Exam Readiness Zone | Video prep series |
Skills at a Glance
| Skill Area | Weight |
|---|---|
| Design and implement processes and communications | 10–15% |
| Design and implement a source control strategy | 10–15% |
| Design and implement build and release pipelines | 50–55% |
| Develop a security and compliance plan | 10–15% |
| Implement an instrumentation strategy | 5–10% |
Who is this exam for?
The AZ-400 is for DevOps engineers — the people who bridge development and operations. You design and implement CI/CD pipelines, manage source control strategies, handle infrastructure as code, and integrate security scanning into the development lifecycle.
⚠️ Over half the exam (50-55%) is on build and release pipelines — this includes GitHub Actions, Azure Pipelines, package management, testing, deployment strategies, and IaC. If you’re short on study time, focus here first.
You should have experience with both GitHub and Azure DevOps, plus strong skills in Azure administration or development. This exam was updated on April 24, 2026 and now includes GitHub Advanced Security integration with Defender for Cloud, workload identity federation, and Azure Deployment Environments.
Skills Measured — with Microsoft Learn Links
Design and implement processes and communications (10–15%)
This domain covers the “soft” side of DevOps — designing workflows, tracking work, measuring metrics, and configuring collaboration between tools. Think of it as setting up the DevOps culture and processes.
Design and implement traceability and flow of work
- Design and implement a structure for the flow of work, including GitHub Flow
- Design and implement a strategy for feedback cycles, including notifications and GitHub issues
- Design and implement integration for tracking work, including GitHub projects, Azure Boards, and repositories
- Design and implement source, bug, and quality traceability
Design and implement appropriate metrics and queries for DevOps
Measuring DevOps performance means tracking metrics like lead time, cycle time, deployment frequency, and mean time to recovery (MTTR). You need to design dashboards that give visibility into planning, development, testing, delivery, and operations.
- Design and implement a dashboard, including flow of work
- Design and implement appropriate metrics and queries for project planning
- Design and implement appropriate metrics and queries for development
- Design and implement appropriate metrics and queries for testing
- Design and implement appropriate metrics and queries for security
- Design and implement appropriate metrics and queries for delivery
- Design and implement appropriate metrics and queries for operations
Configure collaboration and communication
- Document a project by configuring wikis and process diagrams, including Markdown and Mermaid syntax
- Configure release documentation, including release notes and API documentation
- Automate creation of documentation from Git history
- Configure integration by using webhooks
- Configure integration between Azure Boards and GitHub repositories
- Configure integration between GitHub or Azure DevOps and Microsoft Teams
Design and implement a source control strategy (10–15%)
This domain covers Git branching strategies, pull request workflows, and repository management. You need to know trunk-based development, feature branching, branch policies, and how to handle large files and repository scaling.
Design and implement branching strategies for the source code
- Design a branch strategy, including trunk-based, feature branch, and release branch
- Design and implement a pull request workflow by using branch policies and branch protection rules
- Implement branch merging restrictions by using branch policies and branch protection rules
Configure and manage repositories
- Design and implement a strategy for managing large files, including Git LFS
- Design a strategy for scaling and optimizing a Git repository, including Scalar
- Configure permissions in the source control repository
- Configure tags to organize the source control repository
- Recover specific data by using Git commands
- Remove specific data from source control
Design and implement build and release pipelines (50–55%)
This is the core of the exam — more than half. It covers package management, testing strategies, pipeline design (YAML), deployment strategies (blue-green, canary, ring, feature flags), and infrastructure as code (ARM, Bicep, Terraform). Master this domain and you’ll be well positioned to pass.
Design and implement a package management strategy
- Recommend package management tools including GitHub Packages and Azure Artifacts
- Design and implement package feeds and views
- Design and implement a dependency versioning strategy, including SemVer and CalVer
- Design and implement a versioning strategy for pipeline artifacts
Design and implement a testing strategy for pipelines
- Design and implement quality and release gates, including security and governance
- Design a comprehensive testing strategy, including local, unit, integration, and load tests
- Implement tests in a pipeline, including configuring test tasks and agents
- Implement code coverage analysis
Design and implement pipelines
This is the single biggest sub-area. You need to know how to create YAML pipelines from scratch, choose between GitHub Actions and Azure Pipelines, design multi-stage pipelines, create reusable templates, and configure environments with checks and approvals.
- Select a deployment automation solution, including GitHub Actions and Azure Pipelines
- Design and implement a GitHub runner or Azure DevOps agent infrastructure
- Design and implement integration between GitHub repositories and Azure Pipelines
- Develop and implement pipeline trigger rules
- Develop pipelines by using YAML
- Design and implement a strategy for job execution order, including parallelism and multi-stage
- Develop and implement complex pipeline scenarios, such as hybrid pipelines and self-hosted runners
- Create reusable pipeline elements, including YAML templates, task groups, and variable groups
- Design and implement checks and approvals by using YAML-based environments
Design and implement deployments
Deployment strategies control how new code reaches production. Blue-green swaps between two identical environments, canary gradually shifts traffic, ring deploys in expanding waves, and feature flags enable toggling features without redeploying. Know the trade-offs of each.
- Design a deployment strategy, including blue-green, canary, ring, progressive exposure, feature flags, and A/B testing
- Design a pipeline to ensure that dependency deployments are reliably ordered
- Plan for minimising downtime during deployments by using load balancing, rolling deployments, and deployment slots
- Design a hotfix path plan for responding to high-priority code fixes
- Design and implement a resiliency strategy for deployment
- Implement feature flags by using Azure App Configuration Feature Manager
- Implement application deployment by using containers, binaries, and scripts
- Implement a deployment that includes database tasks
Design and implement infrastructure as code (IaC)
IaC treats infrastructure the same as application code — version-controlled, tested, and deployed through pipelines. You need to know ARM templates, Bicep, Terraform, Azure Automation DSC, and Azure Deployment Environments.
- Recommend a configuration management technology for application infrastructure
- Implement a configuration management strategy for application infrastructure
- Define an IaC strategy, including source control and automation of testing and deployment
- Design and implement desired state configuration for environments
- Design and implement Azure Deployment Environments for on-demand self-deployment
Maintain pipelines
- Monitor pipeline health, including failure rate, duration, and flaky tests
- Optimise a pipeline for cost, time, performance, and reliability
- Optimise pipeline concurrency for performance and cost
- Design and implement a retention strategy for pipeline artifacts and dependencies
- Migrate a pipeline from classic to YAML in Azure Pipelines
Develop a security and compliance plan (10–15%)
DevSecOps — integrating security into every stage of the pipeline. This covers authentication (managed identities, PATs, service connections), secret management (Key Vault, secretless auth), and automated security scanning (GitHub Advanced Security, Dependabot, Defender for DevOps).
Design and implement authentication and authorization methods
- Choose between Entra service principals and managed identities
- Implement and manage GitHub authentication, including GitHub Apps, GITHUB_TOKEN, and PATs
- Implement and manage Azure DevOps service connections and PATs
- Design and implement permissions and roles in GitHub
- Design and implement permissions and security groups in Azure DevOps
- Recommend appropriate access levels, including stakeholder access and outside collaborator access
- Configure projects and teams in Azure DevOps
Design and implement a strategy for managing sensitive information in automation
- Implement and manage secrets, keys, and certificates by using Azure Key Vault
- Implement and manage secrets and secretless authentication (e.g., workload identity federation/OIDC)
- Design and implement a strategy for managing sensitive files during deployment
- Design pipelines to prevent leakage of sensitive information
Automate security and compliance scanning
- Design a strategy for security and compliance scanning
- Configure Microsoft Defender for Cloud DevOps Security
- Configure GitHub Advanced Security for both GitHub and Azure DevOps
- Integrate GitHub Advanced Security with Microsoft Defender for Cloud
- Automate container scanning, including scanning container images and CodeQL analysis
- Automate analysis of licensing, vulnerabilities, and versioning by using Dependabot alerts
Implement an instrumentation strategy (5–10%)
The smallest domain — but still testable. It covers configuring monitoring with Azure Monitor and Application Insights, setting up alerts for pipeline events, and analysing infrastructure and application metrics using KQL.
Configure monitoring for a DevOps environment
- Configure Azure Monitor and Azure Monitor Logs to integrate with DevOps tools
- Configure collection of telemetry by using Application Insights, VM Insights, Container Insights
- Configure monitoring in GitHub, including enabling insights and creating charts
- Configure alerts for events in GitHub Actions and Azure Pipelines
Analyze metrics from instrumentation
- Inspect infrastructure performance indicators, including CPU, memory, disk, and network
- Analyze metrics by using collected telemetry, including usage and application performance
- Inspect distributed tracing by using Application Insights
- Interrogate logs using basic KQL queries
Quick Links
- 📝 Official Exam Page
- 📖 Microsoft Study Guide
- 🎯 Practice Assessment | Design and implement processes and communications | 10-15% | | Design and implement a source control strategy | 10-15% | | Design and implement build and release pipelines | 50-55% | | Develop a security and compliance plan | 10-15% | | Implement an instrumentation strategy | 5-10% |
Skills Measured
Design and implement processes and communications (10–15%)
Design and implement traceability and flow of work
- Design and implement a structure for the flow of work, including GitHub Flow
- Design and implement a strategy for feedback cycles, including notifications and GitHub issues
- Design and implement integration for tracking work, including GitHub projects, Azure Boards, and repositories
- Design and implement source, bug, and quality traceability
Design and implement appropriate metrics and queries for DevOps
- Design and implement a dashboard, including flow of work, such as cycle times, time to recovery, and lead time
- Design and implement appropriate metrics and queries for project planning
- Design and implement appropriate metrics and queries for development
- Design and implement appropriate metrics and queries for testing
- Design and implement appropriate metrics and queries for security
- Design and implement appropriate metrics and queries for delivery
- Design and implement appropriate metrics and queries for operations
Configure collaboration and communication
- Document a project by configuring wikis and process diagrams, including Markdown and Mermaid syntax
- Configure release documentation, including release notes and API documentation
- Automate creation of documentation from Git history
- Configure integration by using webhooks
- Configure integration between Azure Boards and GitHub repositories
- Configure integration between GitHub or Azure DevOps and Microsoft Teams
Design and implement a source control strategy (10–15%)
Design and implement branching strategies for the source code
- Design a branch strategy, including trunk-based, feature branch, and release branch
- Design and implement a pull request workflow by using branch policies and branch protection rules
- Implement branch merging restrictions by using branch policies and branch protection rules
Configure and manage repositories
- Design and implement a strategy for managing large files, including Git Large File Storage (LFS) and git-fat
- Design a strategy for scaling and optimizing a Git repository, including Scalar and cross-repository sharing
- Configure permissions in the source control repository
- Configure tags to organize the source control repository
- Recover specific data by using Git commands
- Remove specific data from source control
Design and implement build and release pipelines (50–55%)
Design and implement a package management strategy
- Recommend package management tools including GitHub Packages and Azure Artifacts
- Design and implement package feeds and views for local and upstream packages
- Design and implement a dependency versioning strategy for code assets and packages, including semantic versioning (SemVer) and date-based (CalVer)
- Design and implement a versioning strategy for pipeline artifacts
Design and implement a testing strategy for pipelines
- Design and implement quality and release gates, including security and governance
- Design a comprehensive testing strategy, including local tests, unit tests, integration tests, and load tests
- Implement tests in a pipeline, including configuring test tasks, configuring test agents, and integration of test results
- Implement code coverage analysis
Design and implement pipelines
- Select a deployment automation solution, including GitHub Actions and Azure Pipelines
- Design and implement a GitHub runner or Azure DevOps agent infrastructure, including cost, tool selection, licenses, connectivity, and maintainability
- Design and implement integration between GitHub repositories and Azure Pipelines
- Develop and implement pipeline trigger rules
- Develop pipelines by using YAML
- Design and implement a strategy for job execution order, including parallelism and multi-stage pipelines
- Develop and implement complex pipeline scenarios, such as hybrid pipelines, VM templates, and self-hosted runners or agents
- Create reusable pipeline elements, including YAML templates, task groups, variables, and variable groups
- Design and implement checks and approvals by using YAML-based environments
Design and implement deployments
- Design a deployment strategy, including blue-green, canary, ring, progressive exposure, feature flags, and A/B testing
- Design a pipeline to ensure that dependency deployments are reliably ordered
- Plan for minimizing downtime during deployments by using load balancing, rolling deployments, and deployment slot usage and swap
- Design a hotfix path plan for responding to high-priority code fixes
- Design and implement a resiliency strategy for deployment
- Implement feature flags by using Azure App Configuration Feature Manager
- Implement application deployment by using containers, binaries, and scripts
- Implement a deployment that includes database tasks
Design and implement infrastructure as code (IaC)
- Recommend a configuration management technology for application infrastructure
- Implement a configuration management strategy for application infrastructure
- Define an IaC strategy, including source control and automation of testing and deployment
- Design and implement desired state configuration for environments, including Azure Automation State Configuration, Azure Resource Manager, Bicep, and Azure Machine Configuration
- Design and implement Azure Deployment Environments for on-demand self-deployment
Maintain pipelines
- Monitor pipeline health, including failure rate, duration, and flaky tests
- Optimize a pipeline for cost, time, performance, and reliability
- Optimize pipeline concurrency for performance and cost
- Design and implement a retention strategy for pipeline artifacts and dependencies
- Migrate a pipeline from classic to YAML in Azure Pipelines
Develop a security and compliance plan (10–15%)
Design and implement authentication and authorization methods
- Choose between Microsoft Entra service principals and managed identities for Azure resources (system-assigned and user-assigned)
- Implement and manage GitHub authentication, including GitHub Apps, GITHUB_TOKEN, and personal access tokens
- Implement and manage Azure DevOps service connections and personal access tokens
- Design and implement permissions and roles in GitHub
- Design and implement permissions and security groups in Azure DevOps
- Recommend appropriate access levels, including stakeholder access in Azure DevOps and outside collaborator access in GitHub
- Configure projects and teams in Azure DevOps
Design and implement a strategy for managing sensitive information in automation
- Implement and manage secrets, keys, and certificates by using Azure Key Vault
- Implement and manage secrets and secretless authentication (for example, workload identity federation/OpenID Connect) in GitHub Actions and Azure Pipelines
- Design and implement a strategy for managing sensitive files during deployment, including Azure Pipelines secure files
- Design pipelines to prevent leakage of sensitive information
Automate security and compliance scanning
- Design a strategy for security and compliance scanning, including dependency, code, secret, and licensing scanning
- Configure Microsoft Defender for Cloud DevOps Security
- Configure GitHub Advanced Security for both GitHub and Azure DevOps
- Integrate GitHub Advanced Security with Microsoft Defender for Cloud
- Automate container scanning, including scanning container images and configuring an action to run CodeQL analysis in a container
- Automate analysis of licensing, vulnerabilities, and versioning of open-source components by using Dependabot alerts
Implement an instrumentation strategy (5–10%)
Configure monitoring for a DevOps environment
- Configure Azure Monitor and Azure Monitor Logs to integrate with DevOps tools
- Configure collection of telemetry by using Application Insights, VM Insights, Container Insights, Azure Monitor for Storage, and Azure Monitor for Networks
- Configure monitoring in GitHub, including enabling insights and creating and configuring charts
- Configure alerts for events in GitHub Actions and Azure Pipelines
Analyze metrics from instrumentation
- Inspect infrastructure performance indicators, including CPU, memory, disk, and network
- Analyze metrics by using collected telemetry, including usage and application performance
- Inspect distributed tracing by using Application Insights
- Interrogate logs using basic Kusto Query Language (KQL) queries