DevOps in a hybrid environment

Azure Active Directory
Key Vault

Solution ideas

This article is a solution idea. If you'd like us to expand the content with more information, such as potential use cases, alternative services, implementation considerations, or pricing guidance, let us know by providing GitHub feedback.

In many scenarios, the adoption of the Azure cloud as a business solution involves the migration of an on-premises environment. It's not practical to deprecate the on-premises environment quickly, and in many cases the on-premises environment will need to persist alongside the cloud environment for a significant amount of time. The tools provided in Azure allow for the implementation of a DevOps strategy that capably manages both cloud and on-premises environments in tandem.

Potential use cases

Organizations have adopted this solution to:

  • Accelerate time to market.
  • Build more agile practices.
  • Shift into a more rolling product-delivery approach.
  • Deploying changes with little to no system downtime.


Architecture diagram shows the developer to Azure Boards, GitHub, then to Azure Pipelines into Terraform and Azure A D: devops in a hybrid environment.

Download a Visio file of this architecture.


  1. GitHub Enterprise is used as the code repository for the application
  2. Pull Requests trigger CI builds and automated testing in Azure Pipelines
  3. Continuous monitoring with Azure Monitor extends to release pipelines to gate or rollback releases based on monitoring data
  4. A release on Azure Pipelines integrates the Terraform tool, managing both cloud and on-premises infrastructure as code, provisioning resources such as Azure Web Apps, VMs, and databases in both locations
  5. Azure Pipelines define both Continuous Delivery (CD) to a development environment in the cloud, and release deployments to an on-premises production environment.
  6. Azure Key Vault is used to securely inject secrets and credentials into a deployment, abstracting secrets away from developers
  7. Azure Monitor can be configured to log analytics from both the cloud and on-premises environments. Application Insights as a part of Azure Monitor can be connected to both cloud and on-premises applications for monitoring
  8. Azure AD in the cloud can be used to provide identity services for the application, both running on Azure and on-premises.


  • Azure Boards: Use Azure Board to plan work and track its progress, using Agile tools such as Kanban boards.
  • Source code is hosted on GitHub Enterprise, where developers can collaborate within your organization and the open source communities. GitHub Enterprise offers advanced security features to identify vulnerabilities in the code you write and in open source dependencies.
  • Azure Pipelines runs Continuous Integration and Continuous Delivery jobs for your application, as well as the creation of your infrastructure with the integration with Terraform.
  • You can use Azure Key Vault to store certificates, connection strings, tokens, and other secrets. These are read by your application at run-time, so they're abstracted away from your developers
  • Terraform is a third-party product developed by HashiCorp that allows infrastructure automation on Azure, on-premises, and other environments
  • Using Azure Monitor lets you get insights on the availability and performance of your application and infrastructure.
  • Azure AD provides identity and access management services for your application, both on-premises and on the cloud. Azure AD can synchronize with an on-premises Active Directory to seamlessly allow your users to authenticate everywhere.
  • Azure Web Apps is a managed platform for hosting web-based applications in the cloud.
  • Azure SQL Database is a managed database service for transactional applications.


This article is maintained by Microsoft. It was originally written by the following contributors.

Principal author: