Showing results for Security - Azure DevOps Blog

Azure DevOps will no longer depend on the Azure Resource Manager (ARM) resource (https://management.azure.com) when you sign in or refresh Microsoft Entra access tokens. Previously, Azure DevOps required the ARM audience during sign-in and token refresh flows. This requirement meant administrators had to allow all Azure DevOps users to bypass ARM-b...

Following the changes to GitHub Advanced Security on GitHub, we're launching the standalone security products of GitHub Secret Protection and GitHub Code Security for Azure DevOps today. You can bring the protection of Advanced Security to your enterprise with the flexibility to enable the right level of protection for your repositories. GitHub S...

"One Ring to rule them all, One Ring to find them, One Ring to bring them all, and in the darkness bind them." – J.R.R. Tolkien, The Lord of the Rings In the world of code scanning and dependency scanning, your pipeline is the One Ring—a single definition that can orchestrate scans across multiple repositories. However, much like the One Rin...

Today, we officially closed the doors on any new Azure DevOps OAuth app registrations. As we prepare for the end-of-life for Azure DevOps OAuth apps in 2026, we'll begin outreach to engage existing app owners and support them through the migration process to use the Microsoft Identity platform instead for future app development with Azure DevOps. ...

Earlier this year, we announced an upgrade to our network infrastructure and the new IP addresses you need to allow list in your firewall - Update to Azure DevOps Allowed IP addresses - Azure DevOps Blog. This is our second blog post to inform you that starting from April 23rd, 2025, we will be requiring Server Name Indication (SNI) on all incomin...

We are excited to announce some important upgrades to our networking infrastructure that will enhance the performance and reliability of our service. As part of these infrastructure upgrades, we are introducing new IP addresses that you will need to allow list in your firewall configurations. What’s Changing And Why? We are transitioning from the...

In the new year, we’ll be making moves towards strengthening Microsoft and our customers' security posture in regards to the usage and creation of personal access tokens (PATs). If you’ve been following this blog, you may have noticed we’ve been distancing away from PATs as the recommended authentication method for Azure DevOps APIs by offering mo...

In the world of software development, security is paramount. As developers, we strive to write clean, efficient, and most importantly, secure code. GitHub Advanced Security for Azure DevOps has always been at the forefront of providing tools that make it easier to build and release high-quality software. Today, we’re excited to announce a new featu...

In November 2019, we announced that the alternate credentials feature will be formally deprecated in March 2020. Since then, a small number of users were grandfathered in with continued usage of existing alternate credentials, which have remained active until today. We will be discontinuing all usage of alternate credentials this month. Users have...

We are excited to announce that we have published new content to the Azure DevOps Demo Generator and Azure DevOps Labs! The Azure DevOps Labs is a great tool to help you learn about the integrated features offered in Azure DevOps. Now you can use the Azure DevOps end-to-end concepts hands-on lab to learn how you can bring together your developme...