AZ-400: Designing and Implementing Microsoft DevOps Solutions
Design and Implement Pipelines
Exploring Self Hosted Build Agents
Self-hosted build agents let you run Azure DevOps pipelines on machines you control. Unlike Microsoft-hosted agents, you can install custom software, configure security policies, and optimize hardware for your specific workloads. By managing your own infrastructure, you can reduce costs, improve performance, and ensure every tool or SDK you need is available on the agent.
1. Create a Personal Access Token (PAT)
Before registering an agent, you must generate a PAT in Azure DevOps.
- Click the Settings (gear) icon near your avatar, then select Personal access tokens.
- Choose New Token.
- Enter a descriptive Name and set an Expiration date.
- Under Scopes, grant only the minimum permissions:
- Agent Pools: read & manage
- Build: read & execute
Warning
Always restrict your PAT to the least-privilege scopes required. Avoid selecting Full Access unless absolutely necessary.
- Click Create, then immediately Copy the token—this is the only time it will be displayed.
2. Add a Self-Hosted Agent Pool
Now create a dedicated pool to organize your self-hosted agents.
- In your project, open Project settings (bottom-left).
- Select Agent pools.
- Click Add pool, choose Self-hosted, and fill in:
- Pool name:
KodeKloudCustomer
- Optionally, check Grant access permission to all pipelines
- Pool name:
- Click Create.
3. Download, Configure & Run the Agent
Select the agent package for your OS and follow these steps:
Windows PowerShell
PS C:\> mkdir agent; cd agent
PS C:\agent> Add-Type -AssemblyName System.IO.Compression.FileSystem
PS C:\agent> [System.IO.Compression.ZipFile]::ExtractToDirectory("$HOME\Downloads\vsts-agent-win-x64-3.243.1.zip", "$PWD")
PS C:\agent> .\config.cmd
PS C:\agent> .\run.cmd
Linux Bash
$ mkdir myagent && cd myagent
$ tar zxvf ~/Downloads/vsts-agent-linux-x64-3.243.1.tar.gz
$ ./config.sh
$ ./run.sh
During configuration, you will be prompted for:
- Server URL: e.g.,
https://dev.azure.com/yourOrg/
- Authentication type: press Enter for PAT
- Personal access token: paste your PAT
- Agent pool: press Enter for
KodeKloudCustomer
- Agent name: accept the default or enter a custom name
- Work folder: default is
_work
- Run as service: choose Yes/No
Sample Interactive Session on Windows
PS C:\agent> .\config.cmd
AzurePipelines agent v3.243.1 (commit 3bb22cd)
>> Connect:
Enter server URL > https://dev.azure.com/jeremy0665/
Enter authentication type (press enter for PAT)
Enter personal access token > ***********************************************************************
Connecting to server ...
>> Register Agent:
Enter agent pool (press enter for default) > KodeKloudCustomer
Enter agent name (press enter for DIGITALSTORM) > KodeKloudAgent1
Enter work folder (press enter for _work) >
Run agent as service? (Y/N) > N
Note
If you choose to run the agent as a service (Y
), it will automatically start on machine reboot.
Starting the Agent
PS C:\agent> .\run.cmd
2024-09-11 05:24:11Z: Listening for Jobs
Your agent should now appear Online and Idle in the KodeKloudCustomer
pool, ready to process pipeline jobs.
4. Troubleshooting & Best Practices
Issue | Recommendation |
---|---|
Connection failures | Ensure firewall allows outbound traffic to *.dev.azure.com |
Authentication errors | Double-check PAT validity and assigned scopes |
Dependency issues | Install and update required SDKs, CLIs, or packages |
Monitoring agent health | Review agent logs under _diag folder |
Security hardening | Patch OS regularly; use containers for isolation |
Note
Consider using containerized agents if you need rapid scaling and tighter isolation between builds.
Regularly update your agent binaries, monitor performance metrics, and audit access to maintain a secure and reliable build environment.
References
Watch Video
Watch video content