I recently wrote about testing GitHub tools for Conditional Access automation. I felt I would also need to test similar options with Azure DevOps. Since I’ve worked a bit more with Azure DevOps, it turns out this integration is a bit easier for me to do in Azure DevOps.
Tooling
- Node.JS "CA-Manager": this is the part that the different pipelines invoke for operations on CA and Git
- Azure Pipelines are used to control the Node.JS "CA-Manager"
Demo
- Admin changes the CA policy by modifying the shadow policy

- Azure DevOps pipeline "Shadow Policies" picks up the change (timer trigger, but triggered manually in the demo to avoid delay)


- Azure DevOps submits a pull request from the pipeline itself
bash: node pr.js $(System.AccessToken) $(System.CollectionUri) $(Build.SourceBranch) $(Build.Repository.ID)

- Admin receives the pull request notification and views the changes in the commit


- Admin approves the pull request and completes the merge


- Merging of the pull request kicks off the CA Update pipeline



- After the pipeline completes, the changes are now in prod

- Admin reviews the changes in the Conditional Access policies
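
One way the pr.js step invoked above could validate its four arguments and create the pull request through the Azure DevOps REST API. This is an added example, not the author's script; the target branch, PR title and api-version are assumptions.

```javascript
// Hypothetical pr.js (added example, not the author's script).
// Assumed: target branch, PR title and api-version are illustrative.
const TARGET_REF = 'refs/heads/main';
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const REF = /^refs\/heads\/[\w.\/-]+$/;

function buildPrRequest(token, collectionUri, sourceBranch, repoId) {
  const base = new URL(collectionUri);
  // The job token is a bearer credential: only ever send it over TLS.
  if (base.protocol !== 'https:') throw new Error('collection URI must be https');
  if (!base.pathname.endsWith('/')) base.pathname += '/';
  if (!GUID.test(repoId)) throw new Error('repository ID is not a GUID');
  if (!REF.test(sourceBranch) || sourceBranch.includes('..')) throw new Error('unexpected source ref');
  if (!token) throw new Error('empty access token');
  const url = new URL(`_apis/git/repositories/${repoId}/pullrequests`, base);
  url.searchParams.set('api-version', '7.0');
  return {
    url: url.href,
    init: {
      method: 'POST',
      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({
        sourceRefName: sourceBranch,
        targetRefName: TARGET_REF,
        title: 'Shadow policy change detected',
      }),
    },
  };
}

async function submitPr(args, fetchImpl = fetch) {
  const { url, init } = buildPrRequest(...args);
  const res = await fetchImpl(url, init);
  // Report only the status code; never echo the request headers or token.
  if (!res.ok) throw new Error(`PR creation failed: HTTP ${res.status}`);
  return (await res.json()).pullRequestId;
}

// Argument order matches the pipeline step: token, collection URI, branch, repo ID.
if (process.argv.length > 2) {
  submitPr(process.argv.slice(2, 6))
    .then((id) => console.log(`created pull request ${id}`))
    .catch((e) => { console.error(e.message); process.exitCode = 1; });
}
```

Azure Pipelines also lets a step map `$(System.AccessToken)` into an environment variable through `env:`, which keeps the token out of the process argument list.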
