Microsoft announces Azure tools to help developers deploy complex environments and secure their apps

At Build 2023, Microsoft revealed how its new Azure tools can save developers time and stress.
Written by David Gewirtz, Senior Contributing Editor
Microsoft sign logo
Photo by Cesc Maymo/Getty Images

At Build 2023 today, Microsoft announced the general availability of Azure Deployment Environments. This capability helps developers and infrastructure admins play nice with each other.

Here's the challenge this tool helps to solve. Back in the day, if you were building an application, you might need a complex network backend to provide all the services the app needs.

Also: Microsoft makes a push for AI responsibility and safety through Azure

Azure Deployment Environments does all that work automatically. The infrastructure admin teams define, using an infrastructure-as-code approach, the full environmental structure. They can manage costs, time-to-live, organizational security, and best practices. These environmental structures then become templates in Azure.

Screenshot by David Gewirtz/ZDNET

When a developer needs that infrastructure to develop and test their code, all they need to do is go to their portal and choose the infrastructure template they want. Azure Deployment Environments then spins up the entire infrastructure and even provides a global Web URL so the developer can share front-end access with clients and team members.

Overall, Azure Deployment Environments can be a huge time savings, reduce deeply frustrating configuration errors, and allow coders to code and admins to admin. The service is free to Azure customers.

Next up is another tool that can ease the workload of developers and reduce the worry of admins: GitHub Advanced Security for Azure DevOps. Last year, Microsoft announced this service was coming, and now, Microsoft is announcing the availability of a public preview.

Also: Bolstered Dev Box leads developer delights at Microsoft Build 2023

This brings the GitHub Advanced Security features to Azure DevOps, integrating directly into Azure Repos and Azure Pipelines. There are three main capabilities that can make developers' lives easier and make their organizations more secure:

Secret scanning: Blocks the push of code that contains credentials (like passwords and API keys) to repositories, and also scans repos to find any already-published credentials. Since so many breaches are the result of leaked credentials, this is a powerful way to protect your organization (and, probably, your job).

Dependency scanning: Checks to make sure any packages you rely on don't contain any known vulnerabilities and lets you know if you're relying on something that could cause security issues.

Screenshot by David Gewirtz/ZDNET

Code scanning: Scans your code for coding errors, like failing to validate input, that can lead to security issues. Uses the CodeQL static analysis engine and tests languages including C/C++, C#, Go, Java and Kotlin, JavaScript and TypeScript, Python, and Ruby.

Pricing will be $49 per active committer per month, the same as for GitHub Advanced Security and will be done through your regular Azure billing cycle. Scheduling for general availability has not yet been announced.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

Editorial standards