Due to the potential for future protocol downgrade attacks and other Transport Layer Security (TLS) protocol versions 1.0 and 1.1 vulnerabilities not specific to Microsoft’s implementation, it is required that dependencies on all security protocols older than TLS 1.2 be removed wherever possible. Per Microsoft’s position to protect against crypto...

We are rolling out a new tenant policy in Azure DevOps to configure who are allowed to create new Azure DevOps organizations in your company.

Today, we are enabling developers to sign in with their existing GitHub account to Microsoft online services, on any Microsoft log in page. Using your GitHub credentials, you can now sign in via OAuth anywhere a personal Microsoft account does, including Azure DevOps and Azure.

On the 12th of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their .npmrc file compromised. This may include credentials required to access pa...

Ever since we introduced the support for Azure AD groups in VSTS, the usage of Azure AD groups for managing permissions by our customers have grown significantly. The growth in usage also highlighted a gap we had where VSTS took anywhere between 24-48 hours to catch up with any membership changes that happened in upstream Azure AD. This meant a use...

Cloud Solution Provider (CSP) is a one stop program for Microsoft partners to sell all Microsoft online commercial services to their customers. While CSP partners can purchase O365, Azure and other commercial services for their customers from Microsoft today, they can't purchase Visual Studio subscriptions, team services users and many first party ...