Network Architecture Document: DevOps for RPA & Power Platform
Project: Automated Lifecycle Management (ALM) for UiPath & Power Platform
Date: December 2025
Based on: Proposta Técnica Ball DevOps - 2025.1440.01
Document Type: Network & Communication Architecture
1. Overview
This document details the network communication architecture for the DevOps CI/CD solution. All communications are based on SaaS services with HTTPS/TLS encryption, requiring only outbound connections from build agents.
Key Principles:
- All communications use HTTPS (port 443) with TLS 1.2+
- No inbound firewall rules required
- Authentication via OAuth 2.0, Service Principals, and API Keys
- Environment isolation through separate credentials and Variable Groups
2. High-Level Network Topology
2.1 Microsoft-Hosted Agents (Recommended)
This topology uses Azure-managed ephemeral agents with zero customer infrastructure requirements.
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135832.755502:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Key Characteristics:
- ✅ No customer infrastructure to manage
- ✅ No firewall configuration required
- ✅ Automatic updates and security patches
- ✅ Ephemeral - clean environment for each build
- ✅ Ideal for cloud-based UiPath Orchestrator
2.2 Self-Hosted Agents (Optional)
This topology requires customer-managed infrastructure, typically used for specific network requirements or compliance scenarios.
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135833.314372:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Key Characteristics:
- ⚠️ Customer must provision and maintain Ubuntu VM
- ⚠️ Requires firewall configuration for outbound HTTPS
- ⚠️ Customer responsible for patching and updates
- ✅ Static IP for predictable whitelisting
- ✅ Useful for specific compliance or network requirements
3. Communication Endpoints & Protocols
3.1 Azure DevOps
| Endpoint | Protocol | Port | Purpose |
|---|---|---|---|
dev.azure.com |
HTTPS | 443 | Main Azure DevOps portal |
*.visualstudio.com |
HTTPS | 443 | Legacy endpoints and APIs |
vstsagentpackage.azureedge.net |
HTTPS | 443 | Agent package downloads |
*.vsblob.visualstudio.com |
HTTPS | 443 | Blob storage for artifacts |
*.vsassets.io |
HTTPS | 443 | Static assets |
3.2 Azure Key Vault
| Endpoint | Protocol | Port | Purpose |
|---|---|---|---|
*.vault.azure.net |
HTTPS | 443 | Secret retrieval and management |
login.microsoftonline.com |
HTTPS | 443 | Azure AD authentication |
3.3 Power Platform
| Endpoint | Protocol | Port | Purpose |
|---|---|---|---|
*.crm.dynamics.com |
HTTPS | 443 | Dataverse API |
*.powerapps.com |
HTTPS | 443 | Power Apps services |
api.powerplatform.com |
HTTPS | 443 | Power Platform Admin API |
*.api.bap.microsoft.com |
HTTPS | 443 | Business Application Platform |
login.microsoftonline.com |
HTTPS | 443 | OAuth 2.0 authentication |
3.4 UiPath Orchestrator
| Endpoint | Protocol | Port | Purpose |
|---|---|---|---|
cloud.uipath.com |
HTTPS | 443 | UiPath Automation Cloud |
orchestrator.uipath.com |
HTTPS | 443 | Orchestrator API |
identity.uipath.com |
HTTPS | 443 | Identity Server (OAuth) |
3.5 Package Repositories
| Endpoint | Protocol | Port | Purpose |
|---|---|---|---|
api.nuget.org |
HTTPS | 443 | NuGet packages |
*.nuget.org |
HTTPS | 443 | NuGet CDN |
pkgs.dev.azure.com |
HTTPS | 443 | Azure Artifacts feeds |
uipath.pkgs.visualstudio.com |
HTTPS | 443 | UiPath Official Activity Feed |
gallery.uipath.com |
HTTPS | 443 | UiPath Marketplace |
4. Authentication Flows
4.1 Azure DevOps to Azure Key Vault
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135833.876563:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
4.2 Pipeline to Power Platform
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135834.432396:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
4.3 Pipeline to UiPath Orchestrator
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135834.985240:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
5. Build Agent Network Architecture
5.1 Option A: Microsoft-Hosted Agents (Recommended)
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135835.539063:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Network Characteristics:
- No customer firewall configuration required
- All connections are outbound-only
- Agent IP ranges published by Microsoft (dynamic)
- Ephemeral - new VM for each job
5.2 Option B: Self-Hosted Agents
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135836.093434:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Network Characteristics:
- Requires outbound firewall rules
- Static IP (predictable for whitelisting)
- Customer maintains patching and updates
- Useful for specific compliance or network requirements
6. Firewall Configuration
6.1 Required Outbound Rules (Self-Hosted Agents)
| Rule Name | Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|---|
| Azure DevOps | Agent | dev.azure.com, *.visualstudio.com |
443 | HTTPS | Pipeline orchestration |
| Azure AD | Agent | login.microsoftonline.com |
443 | HTTPS | Authentication |
| Key Vault | Agent | *.vault.azure.net |
443 | HTTPS | Secret retrieval |
| Power Platform | Agent | *.crm.dynamics.com, *.powerapps.com, api.powerplatform.com |
443 | HTTPS | Solution deployment |
| UiPath Cloud | Agent | cloud.uipath.com, orchestrator.uipath.com, identity.uipath.com |
443 | HTTPS | Package deployment |
| UiPath Packages | Agent | uipath.pkgs.visualstudio.com, gallery.uipath.com |
443 | HTTPS | UiPath Activity Feed & Marketplace |
| NuGet | Agent | api.nuget.org, *.nuget.org |
443 | HTTPS | Package restore |
| Azure Artifacts | Agent | pkgs.dev.azure.com |
443 | HTTPS | Private packages |
6.2 Firewall Rule Diagram
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135836.654880:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
7. Security Controls
7.1 Encryption
| Layer | Encryption | Standard |
|---|---|---|
| Transport | TLS 1.2+ | All HTTPS communications |
| Authentication | OAuth 2.0 | Power Platform, UiPath |
| Secrets at Rest | AES-256 | Azure Key Vault |
| Secrets in Transit | TLS 1.2+ | Variable Group to Pipeline |
7.2 Authentication Methods by Service
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135837.204046:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
7.3 Security Layers Summary
| Layer | Control | Implementation |
|---|---|---|
| Network | Outbound-only connections | No inbound firewall rules |
| Transport | TLS 1.2+ encryption | All HTTPS traffic |
| Identity | Azure AD + MFA | User authentication |
| Service Auth | Service Principals | Automated deployments |
| Secrets | Azure Key Vault | Centralized, audited |
| Isolation | Per-environment credentials | DEV/UAT/PROD separation |
| Audit | Azure DevOps logs | Pipeline execution history |
8. Environment-Specific Communication
8.1 Development Environment
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135837.755222:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
8.2 User Acceptance Testing (UAT) Environment
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135838.302414:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
8.3 Production Environment
Erro ao renderizar diagrama Mermaid:
No input file specified, reading from stdin. If you want to specify an input file, please use `-i .` You can use `-i -` to read from stdin and to suppress this warning.
Error: Failed to launch the browser process!
[0121/135838.863058:FATAL:zygote_host_impl_linux.cc(128)] No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux distro that has disabled unprivileged user namespaces with AppArmor, see https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md. Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md for more information on developing with the (older) SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
TROUBLESHOOTING: https://pptr.dev/troubleshooting
at Interface.onClose (file:///opt/hostedtoolcache/node/20.19.6/x64/lib/node_modules/@mermaid-js/mermaid-cli/node_modules/@puppeteer/browsers/lib/esm/launch.js:303:24)
at Interface.emit (node:events:536:35)
at Interface.close (node:internal/readline/interface:530:10)
at Socket.onend (node:internal/readline/interface:256:10)
at Socket.emit (node:events:536:35)
at endReadableNT (node:internal/streams/readable:1698:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
9. Network Troubleshooting Checklist
9.1 Connectivity Test Commands
# Test Azure DevOps connectivity
curl -I https://dev.azure.com
# Test Azure AD
curl -I https://login.microsoftonline.com
# Test Power Platform
curl -I https://api.powerplatform.com
# Test UiPath Cloud
curl -I https://cloud.uipath.com
# Test NuGet
curl -I https://api.nuget.org
9.2 Common Issues & Solutions
| Issue | Possible Cause | Solution |
|---|---|---|
| Agent cannot connect to Azure DevOps | Firewall blocking | Add dev.azure.com, *.visualstudio.com to allow list |
| Authentication failures | Expired credentials | Rotate secrets in Key Vault |
| Power Platform deployment fails | Missing permissions | Verify App Registration has System Administrator role |
| UiPath package upload fails | API Key invalid | Generate new External Application credentials |
| TLS errors | Outdated TLS version | Ensure TLS 1.2+ is enabled |
10. Summary: Complete Communication Matrix
| Source | Destination | Protocol | Port | Authentication | Purpose |
|---|---|---|---|---|---|
| Developer | Azure DevOps | HTTPS | 443 | Azure AD + MFA | Repository & Pipeline access |
| Build Agent | Azure DevOps | HTTPS | 443 | PAT / Managed Identity | Job execution |
| Build Agent | Azure Key Vault | HTTPS | 443 | Service Principal | Secret retrieval |
| Build Agent | Azure AD | HTTPS | 443 | Client Credentials | Token acquisition |
| Build Agent | Power Platform | HTTPS | 443 | OAuth 2.0 | Solution deployment |
| Build Agent | UiPath Orchestrator | HTTPS | 443 | Client ID + Secret | Package deployment |
| Build Agent | NuGet | HTTPS | 443 | Anonymous / PAT | Package restore |
| Variable Group | Key Vault | HTTPS | 443 | Service Principal | Secret linking |