Azure DevOps Blog
DevOps, Git, and Agile updates from the team building Azure DevOps
Latest posts
One Pipeline to Rule Them All: Ensuring CodeQL Scanning Results and Dependency Scanning Results Go to the Intended Repository
"One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them." – J.R.R. Tolkien, The Lord of the Rings In the world of code scanning and dependency scanning, your pipeline is the One Ring—a single definition that can orchestrate scans across multiple repositories. However, much like the One Ring, if misused, it can lead to chaos: publishing results to the unintended repository. Fear not, brave developer! This guide will show you how to wield your pipeline wisely so that CodeQL scanning results and Dependency Scanning results are always published to the inten...
Introducing Azure DevOps ID Token Refresh and Terraform Task Version 5
We are excited to share some recent updates that improve the experience of using Workload identity federation (OpenID Connect) with Azure DevOps and Terraform on Microsoft Azure. Many working parts have come together to make this possible and we'll share those here. We are also very pleased to announce version 5 of the Microsoft DevLabs Terraform Task, which supports ID Token refresh by default. What is ID Token Refresh? Workload identity federation requires an ID Token issued from the identity provider, in our case Azure DevOps. This ID Token has a short lifespan of ~5 minutes by design. It is immediately ex...
Spring Cleaning: A CTA for Azure DevOps OAuth Apps with expired or long-living secrets
Today, we officially closed the doors on any new Azure DevOps OAuth app registrations. As we prepare for the end-of-life for Azure DevOps OAuth apps in 2026, we'll begin outreach to engage existing app owners and support them through the migration process to use the Microsoft Identity platform instead for future app development with Azure DevOps. This platform, used across Microsoft teams, can access the same Azure DevOps REST APIs, with the added benefit of ongoing regular investment and additional security controls available to company admins. We've collected a list of helpful resources from Microsoft Entra do...
Azure Boards + GitHub: Recent Updates
Over the past several months, we’ve delivered a series of improvements to the Azure Boards + GitHub integration. Whether you're tracking code, managing pull requests, or connecting pipelines, these updates aim to simplify and strengthen the link between your work items and your GitHub activity. Here’s a recap of everything we’ve released (or are just about to release): 🔗 Smarter Link Management for Branches, PRs, and Commits We’ve made it easier than ever to keep your work items automatically updated as your development progresses: These changes reduce the need for manual linking and help keep your work...
April Patches for Azure DevOps Server and Team Foundation Server
Today we are releasing patches that impact our self-hosted product, Azure DevOps Server, as well as Team Foundation Server 2018.3.2. We strongly encourage and recommend that all customers use the latest, most secure release of Azure DevOps Server. You can download the latest version of the product, Azure DevOps Server 2022.2 from the Azure DevOps Server download page. Previously, the Azure DevOps Agent used the Edgio CDN with endpoint . As part of Edgio's retirement, the domain is being decommissioned. To ensure continued availability, we have migrated to an Akamai-backed CDN with a new endpoint . This patch in...
Boards Integration with GitHub Enterprise Cloud and Data Residency (Public Preview)
Back in January, we launched a private preview of our Boards integration with GitHub Enterprise Cloud with data residency. If you're unfamiliar with GitHub's data residency option and what it means for your organization, you can learn more in the original announcement. Since the private preview launch, we’ve gathered valuable feedback from early adopters, and today, we’re excited to open up the experience to a wider audience with a public preview. How it works We’ve introduced a new option that allows you to connect an Azure Boards project to your GitHub Enterprise Cloud organization with data residency. Af...
CDN Domain URL change for Agents in Pipelines
Introduction We have announced the retirement of Edgio CDN for Azure DevOps and are transitioning to a solution served by Akamai and Azure Front Door CDNs. This change affects Azure DevOps Pipelines customers. This article provides guidance for the Azure DevOps Pipelines customers to check if they are impacted by this change in CDN and the changes required if impacted. Impacted Azure DevOps Service and Azure DevOps Server Customers should complete the suggested changes by May 1, 2025 and May 15, 2025 respectively. Why the change Azure DevOps Pipelines customers can configure various forms of self-hosted Agent ...
TFVC Policies Storage Updates
TFVC Check-In Policies TFVC projects can have check-in policies such as Build (Require last build was successful), Work Item (Require associated work item), Changeset comments policy (Require users to add comment to their check-in), etc. We are changing the way we store these policies on the server. This change will slightly affect TFVC users since they would need to initiate migration process from their side. Phase I – User opt-in (Apr 2025) This is a phase in progress. We provided means for users to start their migration process. Migration from obsolete policies to active ones should be done by the project a...
Important Update: Server Name Indication (SNI) Now Mandatory for Azure DevOps Services
Earlier this year, we announced an upgrade to our network infrastructure and the new IP addresses you need to allow list in your firewall - Update to Azure DevOps Allowed IP addresses - Azure DevOps Blog. This is our second blog post to inform you that starting from April 23rd, 2025, we will be requiring Server Name Indication (SNI) on all incoming HTTPS connections to Azure DevOps Services. SNI is an extension to the TLS protocol that allows clients to specify the hostname they are connecting to. All modern browsers and client software support SNI and use it by default, ensuring a seamless transition for most ...