Difference between Microsoft Hosted Agents and Self-hosted agents and their applicability

Question

I'm new to Azure pipelines and curious to know the exact difference between Microsoft Hosted agents and Self-Hosted Agents. Also need to know in what scenarios we should use either of the agents. Do these agents have relation with On-prem and cloud deployments?

Answer 1

Microsoft-hosted agents :

With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. Each time you run a pipeline, you get a fresh virtual machine. The virtual machine is discarded after one use. Microsoft-hosted agents can run jobs directly on the VM or in a container.

The pre-defined Azure Pipelines agent pool offers several virtual machine images to choose from, each including a broad range of tools and software. You can see the installed software for each hosted agent by choosing the Included Software link in the table.

Microsoft-hosted agents run on secure Azure platform. However, you must be aware of the following security considerations.

• Although Microsoft-hosted agents run on Azure public network, they are not assigned public IP addresses. So, external entities cannot target Microsoft-hosted agents.
• Microsoft-hosted agents are run in individual VMs, which are re-imaged after each run. Each agent is dedicated to a single organization, and each VM hosts only a single agent.
• There are several benefits to running your pipeline on Microsoft-hosted agents, from a security perspective. If you run untrusted code in your pipeline, such as contributions from forks, it is safer to run the pipeline on Microsoft-hosted agents than on self-hosted agents that reside in your corporate network.
• When a pipeline needs to access your corporate resources behind a firewall, you have to whitelist the IP address range for the Azure geography. This may increase your exposure as the range of IP addresses is rather large and since machines in this range can belong to other customers as well. The best way to prevent this is to avoid the need to access internal resources.
• Hosted images do not conform to CIS hardening benchmarks. To use CIS-hardened images, you must create either self-hosted agents or scale-set agents.

For capabilities, limitations and other details about hosted agent ,please refer to this document.

For many teams this is the simplest way to run your jobs. You can try it first and see if it works for your build or deployment. If not, you can use a self-hosted agent.

Self-hosted agents :

Self-hosted agents give you more control to install dependent software needed for your builds and deployments. Also, machine-level caches and configuration persist from run to run, which can boost speed.

You can install the agent on Linux, macOS, Windows machines or Docker container.

The performance advantages of private agent:

• If you use a self-hosted agent, you can run incremental builds. For example, if you define a pipeline that does not clean the repo and does not perform a clean build, your builds will typically run faster. When you use a Microsoft-hosted agent, you don't get these benefits because the agent is destroyed after the build or release pipeline is completed.
• A Microsoft-hosted agent can take longer to start your build. While it often takes just a few seconds for your job to be assigned to a Microsoft-hosted agent, it can sometimes take several minutes for an agent to be allocated depending on the load on our system.

Summary: There are many differences between hosted agent and self-hosted agent, you can choose the appropriate agent according to your needs. For details,please refer to the documentation .