VSTS builds should be used to build your package and VSTS release management should be used to do the deployments. It is possible to do deployment tasks via the build as well, but a more controlled and recommended way is to use release management in VSTS for deployment purposes.
Hosted agent
There are four hosted agents you get for VSTS
- Hosted agent without Visual Studio 2017
- Hosted agent with Visual Studio 2017 support
- Agent on Linux
- Agent on Mac
These hosted agents can be used to do builds and deployments to servers which are publicly accessible from the agent. Let's say you want to deploy to Azure web applications, then you can use the hosted agent in VSTS release management to run the required deployment scripts or tasks.
But these hosted agents do not have "line of sight" to your local network. For example, your machines behind a corporate firewall are not exposed publicly. In such scenarios, a hosted agent cannot deploy to your machine, behind your corporate firewall, because the agent cannot see your machine.
Private agents
You can set up an agent for VSTS in your corporate domain, which can access VSTS via web, so it can listen to any deployment jobs. This private agent inside your firewall, has the "line of sight" to your machines inside the firewall, so the agent can do deployments to them.
Other scenarios for which you may need private agents for builds, is when you need some specific SDK availability which is not available on hosted agents. Let's say you are having a SharePoint 2013 based application. To build that, the build server needs to have SharePoint 2013 installed, which is not offered in hosted agents. You have to use a private agent to set up SharePoint 2013 to allow building the application based on SharePoint 2013.
Refer to here for more details.
Deployment groups
You can use deployment groups to do deployments to the machines inside your corporate domain firewall since you will be deploying private agents to each of the machines that requires a deployment to happen. Deployment groups are explained here.