The current content delivery network (CDN) provider Edgio, used by Azure DevOps is retiring. We’re urgently transitioning to a solution served by Akamai and Azure Front Door CDNs to maintain the responsiveness of our services.
What this means for you
For most of you, this transition will be seamless. To ensure that you can continue to access Azure DevOps without any interruptions, use the following Powershell commands to validate that your current firewall settings allow connectivity to the new CDN providers:
- Invoke-WebRequest -Uri https://cdn.vsassets.io/content/icons/favicon.ico
- Invoke-WebRequest -Method Head -Uri https://vstsagentpackage.azureedge.net/agent/3.248.0/vsts-agent-win-x64-3.248.0.zip
If your network includes firewalls that could affect access to the new CDNs, we recommend adding the following domain URLs to the allow list and not the individual IP addresses.
https://vstsagentpackage.azureedge.net
For more details, please refer to this guidance.
Our commitment
We appreciate your patience during this transition. For questions or feedback, please comment below.
Can we double check those domains please? They both CNAME to v0cdn.net endpoints which (as far as I can tell) are Edgio domains that are going away…
vsassets.io has been on the list of addresses for at least the past 2 years (https://github.com/MicrosoftDocs/azure-devops-docs/commit/90b95284da6c2e5d3016adf26b44787888bf0868) so isn’t a “new” endpoint
We use Azure Traffic Manager for geography- and percentage- based rollover on these domains. Currently, we are transitioning from Edgio domains (v0cdn.net) to Akamai (edgesuite.net / akamai.net) and Azure Front Door (azurefd.net) domains.
As you correctly noted, none of the vsassets.io subdomains are new; only their DNS resolution chain is changing. The blog announcement serves as a heads-up for customers who may have dependencies on specific IP addresses or low-level Edgio domains in their firewall or...
…. and yet again, you suggest the next scammer domain vsassets.io as replacement.
The TLD .io is not under Microsoft control or US control or jurisdiction. I cannot follow your recommendation to make exceptions for vsassets.io
You people at Microsoft are absolutely resilient to basic security concepts.
Hello Clayton,
are there changes to any of the outbound urls for Azure DevOps Pools mentioned here: https://learn.microsoft.com/en-us/azure/devops/managed-devops-pools/configure-networking?view=azure-devops&tabs=azure-portal#restricting-outbound-connectivity?
Regards
Mathias
Hello Mathias, thank you for your question!
There have been no changes to the list of outbound domains or their associated IP addresses. All recent updates relate to inbound traffic directed toward the CDN.