Ask Downloads
Domain 4 β€” Module 7 of 12 58%
25 of 30 overall
Domain 4: Design Infrastructure Solutions Free ⏱ ~15 min read

App Configuration & Automated Deployment

Azure App Configuration, feature flags, and IaC with ARM/Bicep β€” design configuration management and deployment pipelines that enable safe, repeatable releases.

Configuration and deployment design

Simple explanation

Configuration is the knobs and dials of your application. Connection strings, feature toggles, environment-specific settings. Azure App Configuration centralises these so you don’t scatter settings across app code, environment variables, and Key Vault.

Deployment automation means your infrastructure and applications are deployed by code (IaC), not by clicking buttons. ARM templates, Bicep, Terraform, and CI/CD pipelines make deployments repeatable, auditable, and safe.

Azure App Configuration

FeatureDescription
Key-value storeCentralised settings for all apps and environments
LabelsSame key, different values per environment (dev/staging/prod)
Feature flagsToggle features on/off without redeployment
Key Vault referencesReference secrets in Key Vault β€” App Config stores the reference, not the secret
Sentinel keyWatch a single key for changes β€” triggers config refresh in connected apps
SnapshotsPoint-in-time snapshots of configuration for rollback

πŸš€ Marcus’s config design: NovaSaaS uses App Configuration as the single source of truth:

  • Labels: dev, staging, prod β€” same keys, environment-specific values
  • Feature flags: New features rolled out to 10% of tenants, then 50%, then 100%
  • Key Vault references: Connection strings stored in Key Vault, referenced from App Config
  • Sentinel key: AppConfig:Version β€” when changed, all apps refresh their configuration

Infrastructure as Code

IaC Tools Comparison
FactorARM TemplatesBicepTerraform
LanguageJSON (verbose)DSL (clean, readable)HCL (HashiCorp)
Azure-nativeYes β€” first-partyYes β€” compiles to ARMNo β€” multi-cloud
State managementAzure handles (deployment history)Azure handles (compiles to ARM)State file (local/remote)
Multi-cloudNo β€” Azure onlyNo β€” Azure onlyYes β€” AWS, GCP, Azure
Modules/reuseLinked templates (complex)Modules (simple)Modules (mature ecosystem)
What-if/planYes (what-if)Yes (what-if)Yes (plan)
Best forLegacy templates, complex nested deploymentsNew Azure deployments, ARM migrationMulti-cloud, existing Terraform investment
Exam tip: Bicep is the recommended Azure IaC tool

Microsoft recommends Bicep for new Azure IaC projects. It compiles to ARM JSON, so there’s no risk β€” it’s syntactic sugar over ARM templates. If the exam asks about β€œAzure-native IaC” or β€œinfrastructure as code for Azure,” Bicep is the expected answer unless the scenario mentions multi-cloud (then Terraform).

Deployment patterns

PatternHow It WorksRiskBest For
Blue-GreenDeploy to inactive slot, swap when validatedLow β€” instant rollback by swapping backWeb apps with App Service deployment slots
CanaryRoute small % of traffic to new versionLow β€” limited blast radiusAPIs, microservices with traffic splitting
Ring-basedDeploy to ring 0 (team) β†’ ring 1 (early adopters) β†’ ring 2 (all)Lowest β€” progressive exposureLarge-scale services, multi-tenant SaaS
RollingUpdate instances in batchesMedium β€” mixed versions during rolloutVMSS, AKS rolling updates

πŸ›οΈ David’s deployment discipline: CloudPath Advisory requires:

  • All infrastructure defined in Bicep β€” no portal clicking for production
  • GitHub Actions pipelines β€” automated lint β†’ validate β†’ what-if β†’ deploy
  • Blue-green deployments for App Service β€” swap slots after smoke test
  • Ring-based for multi-tenant updates β€” internal users first, then pilot tenants, then all

Knowledge check

Question

What does Azure App Configuration provide that Key Vault doesn't?

Click or press Enter to reveal answer

Answer

App Configuration stores non-secret settings (feature flags, app settings, configuration metadata) with labels per environment, sentinel-based refresh, and feature management. Key Vault is for secrets, keys, certificates, and connection strings (which are secrets). Use both together: App Config for non-secret settings + Key Vault references for any sensitive values.

Click to flip back
Question

What's the recommended IaC tool for Azure-native deployments?

Click or press Enter to reveal answer

Answer

Bicep. It compiles to ARM JSON, uses clean readable syntax, and has native Azure module support. ARM templates are legacy (verbose JSON). Terraform is for multi-cloud scenarios. For Azure-only, Bicep is the standard recommendation.

Click to flip back
Question

What's the advantage of deployment slots over direct deployment?

Click or press Enter to reveal answer

Answer

Slots let you deploy to a staging slot, validate, then swap into production with zero downtime. The swap is instant (just a VIP change). If something is wrong, swap back immediately. Slots also warm up the app before production traffic hits it β€” eliminating cold-start issues during deployments.

Click to flip back
Knowledge Check

πŸš€ Marcus wants to release a new billing feature to 5% of NovaSaaS tenants first, then gradually expand to all tenants. The feature should be toggleable without redeployment. Which approach should he use?
Knowledge Check

πŸ›οΈ David's government client requires all infrastructure changes to be version-controlled, peer-reviewed, and deployed through an automated pipeline with no manual portal changes. Development, staging, and production must use identical configurations. Which approach should David recommend?

Next up: Moving to the cloud β€” Migration Strategy & Assessment.