Azure DevOps Blog
DevOps, Git, and Agile updates from the team building Azure DevOps
Latest posts
July Patches for Azure DevOps Server
Today we are releasing patches that impact the latest version of our self-hosted product, Azure DevOps Server. We strongly encourage and recommend that all customers use the latest, most secure release of Azure DevOps Server. You can download the latest version of the product, Azure DevOps Server 2022.2 from the Azure DevOps Server download page. Azure DevOps Server 2020.1.2 Patch 17 Release notes If you have Azure DevOps Server 2020.1.2, you should install Azure DevOps Server 2020.1.2 Patch 17 to have the most secure and updated product experience. With this patch we are fixing a null reference exception in...
Markdown Support Arrives for Work Items
After several months in private preview and many bug fixes along the way, we’re excited to announce that Markdown support in large text fields is now generally available! 🎉 🦄 How it works By default, all existing and new work items will continue using the HTML editor for large text fields. However, you now have the option to opt-in and use the Markdown editor for individual work items and fields. Existing work items Open the work item and click into a large text field (e.g., Description). The field will initially appear as an HTML editor, but you’ll now see an option to convert it to Markdown. We perform a...
Removing Azure Resource Manager reliance on Azure DevOps sign-ins
Azure DevOps will no longer depend on the Azure Resource Manager (ARM) resource (https://management.azure.com) when you sign in or refresh Microsoft Entra access tokens. Previously, Azure DevOps required the ARM audience during sign-in and token refresh flows. This requirement meant administrators had to allow all Azure DevOps users to bypass ARM-based Conditional Access policies to maintain access to ADO. Tokens for Azure DevOps no longer require the ARM audience. As a result, you can manage Azure DevOps access more effectively by creating Azure DevOps-specific Conditional Access policy instead of relying on th...
Azure DevOps MCP Server, Public Preview
A few weeks ago at BUILD, we announced the upcoming Azure DevOps MCP Server: 👉 Azure DevOps with GitHub Repositories – Your path to Agentic AI Today, we’re excited to share that the local Azure DevOps MCP Server is now available in public preview. This lets GitHub Copilot in Visual Studio and Visual Studio Code access and interact with your Azure DevOps environment, including work items, pull requests, test plans, builds, releases, and wiki pages. 🤷♂️ What is an MCP Server? A local MCP Server (Model Context Provider) is a tool that sits between your AI assistant (like GitHub Copilot) and your Azure DevOps or...
June Patches for Azure DevOps Server
Today we are releasing patches that impact the latest version of our self-hosted product, Azure DevOps Server. We strongly encourage and recommend that all customers use the latest, most secure release of Azure DevOps Server. You can download the latest version of the product, Azure DevOps Server 2022.2 from the Azure DevOps Server download page. Note: Azure DevOps Server 2022.2 is the latest version of Azure DevOps Server. If you have installed Azure DevOps Server 2022 or Azure DevOps Server 2022.1, you should first upgrade to Azure DevOps Server 2022.2 and then install Azure DevOps Server 2022.2 Patch 6. ...
Restricting PAT Creation in Azure DevOps Is Now in Preview
As organizations continue to strengthen their security posture, restricting usage of personal access tokens (PATs) has become a critical area of focus. With the latest public preview of the Restrict personal access token creation policy in Azure DevOps, Project Collection Administrators (PCAs) now have another powerful tool to reduce unnecessary PAT usage and enforce tighter controls across their organizations. 🗣️ This has been one of our most requested features -- we're excited to finally deliver it. Why This Matters PATs are a convenient way for users to authenticate with Azure DevOps, but they also pose...
GitHub Secret Protection and GitHub Code Security for Azure DevOps
Following the changes to GitHub Advanced Security on GitHub, we're launching the standalone security products of GitHub Secret Protection and GitHub Code Security for Azure DevOps today. You can bring the protection of Advanced Security to your enterprise with the flexibility to enable the right level of protection for your repositories. GitHub Secret Protection for Azure DevOps Secret Protection is available for $19 per active committer per month, which provides features including: GitHub Code Security for Azure DevOps Code Security is available for $30 per active committer per month, which provides f...
Azure DevOps with GitHub Repositories – Your path to Agentic AI
GitHub Copilot has evolved beyond a coding assistant in the IDE into an agentic teammate – providing actionable feedback on pull requests, fixing bugs and implementing new features, creating pull requests and responding to feedback, and much more. These new capabilities will transform every aspect of the software development lifecycle, as we are already seeing on our own teams within Microsoft and GitHub. Copilot’s agentic capabilities are most powerful when your code lives in GitHub, and that’s why we’ve been working hard to make the experience of using GitHub, Copilot, and Azure DevOps seamless. Now is the tim...
One Pipeline to Rule Them All: Ensuring CodeQL Scanning Results and Dependency Scanning Results Go to the Intended Repository
"One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them." – J.R.R. Tolkien, The Lord of the Rings In the world of code scanning and dependency scanning, your pipeline is the One Ring—a single definition that can orchestrate scans across multiple repositories. However, much like the One Ring, if misused, it can lead to chaos: publishing results to the unintended repository. Fear not, brave developer! This guide will show you how to wield your pipeline wisely so that CodeQL scanning results and Dependency Scanning results are always published to the inten...