Billing and Token Management events now available in Auditing

Angel Wong

Angel

Since releasing the auditing feature in Azure DevOps, we’ve heard continued interest from you on other events you would like to see appear in your logs. Such events enable your teams to better monitor activities and changes that happen within your organizations and get ahead of any potential security breaches.

We’re happy to announce two new event types are now available in the auditing logs:

  • Billing setup and management events
  • Personal Access Tokens (PATs) and SSH Keys management events

Billing setup and management events

To view any billing-related changes in Azure DevOps, you traditionally would have needed to check the Azure portal for a general idea of when billing for a certain meter started, which requires multiple steps and specific subscription permissions.

There are three main categories of newly audited billing events now available:

  • Subscription changes, which includes the linking of a subscription for the first time, changing of subscriptions, and the unlinking and opting out of billing
  • Pipeline purchases, and
  • Max quantity changes for usage-based meters, such as Artifacts and Cloud Load Testing

Billing Events in Auditing

PAT and SSH Keys management events

Personal Access Tokens (PATs) and SSH Keys enable you and your teammates to authenticate with Azure DevOps in a non-interactive way. Many of you have expressed the need to to understand by whom and how these tokens are used, in order to prevent malicious activity by unauthorized users. With this release, new events will be added to the Auditing Logs whenever these tokens are successfully created, updated, revoked and/or removed.

Image pat mgmt

Coming next to Auditing

In 2021, we’ll be looking at getting even more events into your auditing logs, so that your teams have the data they need to ensure that your organizations are secure against unauthorized usage by malicious actors.

Be on the lookout for updates to include:

  • successful web sign-in attempts, and
  • token access events generated during the usage of PAT and SSH keys.

To see these new events, head over to the Auditing page through your Organizations’ settings page. For additional information on these new events and all available events in your auditing logs, please see our documentation.

We’d love to hear your feedback on these continued improvements we’re bringing to auditing on Azure DevOps! You can share your thoughts directly with the product team using @AzureDevOps, Developer Community, or by commenting on this post below.

0 comments

Leave a comment