Build Self-Service Pipeline to Deploy Self-Hosted Environment Agents on Azure Workloads — The Token Phase

Gijs Reijn
10 min readApr 15, 2024

What constantly still struck me, is the fact that when you deploy a self-hosted Windows environment agent from Azure DevOps Services, it only supports Personal Access Tokens (PAT).

Figure 1 — Authentication options for Windows Agent

Yeah, you can probably relate to it, and it is still unfortunately the only option available in 2024.

Although I have installed countless agents onto environments, it was always done manually and if there is one thing that I don’t like doing, is repetitive steps over and over again by hand…

With more focus on platform engineering practices these days, I wondered how to build a self-service capability to deploy an environment agent onto Azure workloads, especially Windows.

That’s where the idea struck, why not use the same tool to deploy environment agents using a pipeline and leverage its API to do some tricks…

In this step-by-step article, you will learn how to use the REST API of Azure DevOps Services by creating PAT in a programmatical fashion.

When you’ve got the PAT, you can register environment agents, which are those resource types in environments you can add to an Azure Virtual Machine.



Gijs Reijn

Providing tips, tricks, best practices, solutions, and nonsense that might help your IT workday thrive.