πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AI-300 Domain 1
Domain 1 β€” Module 5 of 5 100%
5 of 25 overall

AI-300 Study Guide

Domain 1: Design and Implement an MLOps Infrastructure

  • ML Workspace: Your AI Control Room Free
  • Data, Environments & Components
  • Compute Targets: Choosing the Right Engine
  • Infrastructure as Code: Provisioning at Scale
  • Git & CI/CD for ML Projects

Domain 2: Implement Machine Learning Model Lifecycle and Operations

  • MLflow: Track Every Experiment Free
  • AutoML & Hyperparameter Tuning
  • Training Pipelines: Automate Everything
  • Distributed Training: Scale to Big Data
  • Model Registration & Versioning
  • Model Approval & Responsible AI Gates
  • Deploying Models: Endpoints in Production
  • Drift, Monitoring & Retraining

Domain 3: Design and Implement a GenAIOps Infrastructure

  • Foundry: Hubs, Projects & Platform Setup Free
  • Network Security & IaC for Foundry
  • Deploying Foundation Models
  • Model Versioning & Production Strategies
  • PromptOps: Design, Compare, Version & Ship

Domain 4: Implement Generative AI Quality Assurance and Observability

  • Evaluation: Datasets, Metrics & Quality Gates Free
  • Safety Evaluations & Custom Metrics
  • Monitoring GenAI in Production
  • Cost Tracking, Logging & Debugging

Domain 5: Optimize Generative AI Systems and Model Performance

  • RAG Optimization: Better Retrieval, Better Answers Free
  • Embeddings & Hybrid Search
  • Fine-Tuning: Methods, Data & Production

AI-300 Study Guide

Domain 1: Design and Implement an MLOps Infrastructure

  • ML Workspace: Your AI Control Room Free
  • Data, Environments & Components
  • Compute Targets: Choosing the Right Engine
  • Infrastructure as Code: Provisioning at Scale
  • Git & CI/CD for ML Projects

Domain 2: Implement Machine Learning Model Lifecycle and Operations

  • MLflow: Track Every Experiment Free
  • AutoML & Hyperparameter Tuning
  • Training Pipelines: Automate Everything
  • Distributed Training: Scale to Big Data
  • Model Registration & Versioning
  • Model Approval & Responsible AI Gates
  • Deploying Models: Endpoints in Production
  • Drift, Monitoring & Retraining

Domain 3: Design and Implement a GenAIOps Infrastructure

  • Foundry: Hubs, Projects & Platform Setup Free
  • Network Security & IaC for Foundry
  • Deploying Foundation Models
  • Model Versioning & Production Strategies
  • PromptOps: Design, Compare, Version & Ship

Domain 4: Implement Generative AI Quality Assurance and Observability

  • Evaluation: Datasets, Metrics & Quality Gates Free
  • Safety Evaluations & Custom Metrics
  • Monitoring GenAI in Production
  • Cost Tracking, Logging & Debugging

Domain 5: Optimize Generative AI Systems and Model Performance

  • RAG Optimization: Better Retrieval, Better Answers Free
  • Embeddings & Hybrid Search
  • Fine-Tuning: Methods, Data & Production
Domain 1: Design and Implement an MLOps Infrastructure Premium ⏱ ~13 min read

Git & CI/CD for ML Projects

ML code deserves the same discipline as app code. Learn to manage ML projects with Git, automate training with GitHub Actions, and build CI/CD pipelines that ship models safely.

Git for machine learning

β˜• Simple explanation

Git is version control for code β€” like β€œTrack Changes” in Word, but for everything.

Without Git, your ML project looks like: model_final.py, model_final_v2.py, model_ACTUALLY_final.py. With Git, you have a clean history: who changed what, when, and why. You can go back to any point in time.

But ML projects are special β€” you’re not just tracking code. You’re tracking experiments (which code + data + parameters produced which model). Git tracks the code; MLflow (Module 6) tracks the experiments. Together, they give you full reproducibility.

Source control for ML projects requires managing three types of artifacts:

  • Code β€” training scripts, pipeline definitions, component YAML (tracked in Git)
  • Configuration β€” environment specs, compute settings, hyperparameters (tracked in Git)
  • Experiment results β€” metrics, model weights, datasets (tracked in MLflow, NOT in Git)

The exam tests your understanding of what belongs in Git vs what belongs in MLflow or Azure ML registries. Large files (models, datasets) should never be committed to Git.

What goes in Git vs what doesn’t

ArtifactIn Git?Where Instead?
Training scripts (.py)Yesβ€”
Pipeline definitions (.yaml)Yesβ€”
Environment specs (conda.yaml)Yesβ€”
Component definitionsYesβ€”
Bicep/IaC templatesYesβ€”
GitHub Actions workflowsYesβ€”
Hyperparameter configsYesβ€”
Trained model weights (.pkl, .pt)NoAzure ML model registry
Datasets (CSV, parquet, images)NoAzure ML data assets / datastores
Experiment metrics and logsNoMLflow tracking
Secrets and API keysNoAzure Key Vault
πŸ’‘ Exam tip: Never commit models or data to Git

This sounds obvious, but exam questions may present scenarios where someone wants to β€œversion the model by committing it to Git.” The correct answer is always: register the model in the Azure ML model registry (or a shared registry for cross-workspace access).

Git is for code and configuration. MLflow and Azure ML are for experiment artifacts.

Repository structure for ML projects

A common structure that works well with Azure ML:

ml-project/
  .github/
    workflows/
      train-on-push.yml      # CI: train on feature branch push
      deploy-on-merge.yml    # CD: deploy model on merge to main
  infra/
    main.bicep               # Workspace + compute IaC
    params-dev.json
    params-prod.json
  src/
    train.py                 # Training script
    score.py                 # Inference script
    prepare.py               # Data preparation
  components/
    prepare/component.yaml   # Pipeline component definitions
    train/component.yaml
    evaluate/component.yaml
  pipelines/
    training-pipeline.yaml   # Full pipeline definition
  environments/
    training-env.yaml        # Conda environment for training
    scoring-env.yaml         # Conda environment for inference
  tests/
    test_prepare.py          # Unit tests for data prep
    test_score.py            # Unit tests for scoring

GitHub integration with Azure ML

Azure ML can connect directly to GitHub repositories, enabling:

  1. Code tracking β€” each experiment records the Git commit it ran from
  2. Automated training β€” GitHub Actions trigger training jobs on push or PR
  3. Secure access β€” GitHub connects to Azure ML via OIDC (no stored secrets)
Scenario: Kai builds NeuralSpark's ML CI/CD

Kai designs the following Git workflow for NeuralSpark:

Feature branch workflow:

  1. Data scientist creates feature/improve-churn-model branch
  2. Pushes code changes β†’ GitHub Actions runs unit tests
  3. If tests pass β†’ GitHub Actions submits a training job to Azure ML (dev workspace)
  4. Training job logs metrics to MLflow
  5. Data scientist reviews metrics, creates Pull Request
  6. Team reviews code + experiment results
  7. Merge to main β†’ triggers deployment workflow

Deployment workflow (on merge to main):

  1. Registers the model in the Azure ML registry
  2. Deploys to staging endpoint
  3. Runs smoke tests against staging
  4. If tests pass β†’ deploys to production endpoint

Priya (CTO) loves it: β€œNo more β€˜works on my machine’ β€” everything is automated and auditable.”

GitHub Actions for ML workflows

Trigger training on code push

# .github/workflows/train-on-push.yml
name: Train Model
on:
  push:
    branches: ['feature/**']
    paths: ['src/**', 'components/**', 'pipelines/**']

jobs:
  train:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Install Azure ML CLI
        run: az extension add --name ml

      - name: Submit Training Job
        run: |
          az ml job create \
            --file pipelines/training-pipeline.yaml \
            --resource-group rg-ml-dev \
            --workspace-name neuralspark-dev \
            --set display_name="train-${{ github.sha }}"

What’s happening:

  • Lines 5-6: Only triggers on feature branches when ML code changes
  • Lines 17-22: OIDC authentication β€” no stored secrets
  • Lines 28-33: Submits the training pipeline to the dev workspace, tagged with the Git commit SHA for traceability

Feature-based development

Feature branches isolate experiments. Each branch gets its own training runs, tracked by Git commit:

# Tag the training job with branch info
- name: Submit Training Job
  run: |
    az ml job create \
      --file pipelines/training-pipeline.yaml \
      --workspace-name neuralspark-dev \
      --set display_name="${{ github.ref_name }}-${{ github.run_number }}" \
      --set tags.branch="${{ github.ref_name }}" \
      --set tags.commit="${{ github.sha }}"

This means every experiment in MLflow can be traced back to the exact code that produced it.

Environment-based promotion

GitHub Actions environments let you add approval gates and secrets per stage:

# .github/workflows/deploy-model.yml
jobs:
  deploy-staging:
    environment: staging
    runs-on: ubuntu-latest
    steps:
      # Deploy to staging endpoint...

  deploy-production:
    needs: deploy-staging
    environment: production    # Requires manual approval
    runs-on: ubuntu-latest
    steps:
      # Deploy to production endpoint...

What’s happening:

  • Line 4: staging environment β€” automatic, no approvals
  • Lines 10-11: production environment β€” requires a team member to click β€œApprove” before deployment proceeds
  • This is how you prevent untested models from reaching production
πŸ’‘ Exam tip: GitHub environments and protection rules

The exam tests knowledge of GitHub environments for ML deployment:

  • Environments scope secrets and protection rules to specific stages
  • Required reviewers add human approval gates before production deployment
  • Wait timers add mandatory delay between stages (e.g., 30-minute soak in staging)

If a question asks β€œhow to require approval before deploying a model to production,” the answer is GitHub environments with required reviewers.

Key terms flashcards

Question

What should go in Git for an ML project?

Click or press Enter to reveal answer

Answer

Code (training scripts, inference scripts), configuration (pipeline YAML, environment specs, Bicep templates), and GitHub Actions workflows. NOT models, datasets, or secrets.

Click to flip back
Question

How does GitHub Actions authenticate to Azure ML securely?

Click or press Enter to reveal answer

Answer

Workload identity federation (OIDC) β€” issues short-lived tokens per workflow run. No stored secrets. Configured with client-id, tenant-id, and subscription-id.

Click to flip back
Question

What are GitHub environments used for in ML CI/CD?

Click or press Enter to reveal answer

Answer

They scope secrets and add protection rules (required reviewers, wait timers) to deployment stages. Used to add approval gates before production model deployment.

Click to flip back
Question

Feature branch workflow for ML β€” what's the pattern?

Click or press Enter to reveal answer

Answer

Create branch β†’ push code β†’ CI runs tests + submits training job β†’ review metrics β†’ create PR β†’ merge to main β†’ CD deploys model to staging β†’ approve β†’ deploy to production.

Click to flip back

Knowledge check

Knowledge Check

A data scientist at NeuralSpark commits a trained model file (.pkl) to the Git repository. What is the correct approach?
Knowledge Check

Kai wants to ensure that models cannot reach production without team review. What should he configure in the GitHub Actions deployment workflow?

🎬 Video coming soon

Next up: MLflow β€” tracking every experiment so you never lose a good result.

← Previous

Infrastructure as Code: Provisioning at Scale

Next β†’

MLflow: Track Every Experiment

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.