Active Deployments
Orchestrate complex deployments across Microsoft 365 services with automated pipelines. Deploy configurations, policies, apps, and settings to multiple tenants with validation, rollback capabilities, and detailed tracking.
Note: Deploy standardized configurations across all managed tenants from a single pipeline. Maintain consistency while allowing tenant-specific customizations.
Deployment Types
Configuration Deployment
Deploy Intune policies, Conditional Access rules, compliance policies, and security configurations.
- Device configuration profiles
- Compliance policies
- Conditional Access policies
- Security baselines
- Settings catalog profiles
Application Deployment
Deploy applications to devices via Intune. Supports Win32 apps, Microsoft Store apps, and LOB applications.
- Win32 applications
- Microsoft Store apps
- iOS/Android apps
- Web links
- Office suite deployment
Script Deployment
Deploy PowerShell and shell scripts to managed devices for custom configurations and remediation.
- PowerShell scripts
- Shell scripts (macOS)
- Proactive remediation
- Platform scripts
Identity Configuration
Deploy Entra ID configurations including authentication methods, named locations, and administrative units.
- Authentication methods
- Named locations
- Administrative units
- App registrations
Multi-Tenant Deployment
Deploy configurations to multiple tenants simultaneously:
| Tenant | Status | Items | Progress |
|---|---|---|---|
| Contoso Corp | Complete | 12/12 | 100% |
| Fabrikam Inc | In Progress | 8/12 | 67% |
| Northwind LLC | Pending | 0/12 | 0% |
Deployment Strategies
Rolling Deployment
Deploy to tenants sequentially with configurable batch sizes. Pause on failures for investigation.
Use case: Cautious rollout with manual validation between batches.
Parallel Deployment
Deploy to all tenants simultaneously for fastest completion. Best for tested, stable configurations.
Use case: Urgent security updates across all tenants.
Canary Deployment
Deploy to a small subset first, then expand if successful. Automatic promotion based on health metrics.
Use case: Testing new configurations with minimal risk.
Scheduled Deployment
Queue deployment for a future time, typically during maintenance windows or off-hours.
Use case: Planned changes during low-usage periods.
Validation and Conflicts
Pre-Deployment Validation
Automatic checks before deployment begins:
- License requirements met
- Required permissions available
- No naming conflicts
- Dependencies satisfied
- Target groups exist
Conflict Detection
- Policy name conflict — “Security Baseline” already exists. Options: rename, merge, or skip.
- Assignment overlap — Group “All Users” already has conflicting policy assigned.
Rollback
Undo deployments when issues are discovered:
- Automatic Rollback — Triggered when deployment fails validation or health checks. Reverts all changes in the deployment.
- Manual Rollback — Initiate rollback from deployment history. Select specific items to revert or roll back entire deployment.
Note: Some items cannot be rolled back (deleted items, user data changes). Review rollback preview before execution.
Best Practices
- Use canary deployments for new configurations — Test on a small subset of tenants before full rollout
- Version your deployment packages — Maintain version history for tracking and rollback purposes
- Review deployment plan before execution — Always check what will be created, modified, or deleted
- Schedule large deployments during maintenance windows — Reduce user impact by deploying during off-hours
API Reference
GET /api/automation/deployments— List deployment historyPOST /api/automation/deployments— Create and execute deploymentPOST /api/automation/deployments/:id/validate— Validate deployment before executionPOST /api/automation/deployments/:id/rollback— Rollback completed deploymentGET /api/automation/packages— List deployment packages