Security

Updates to Azure Pipelines Runtime Variables Settings [Updated]

May 19, 2022 May 19, 2022 05/19/22

Gloridel Morales

We have gotten a lot of feedback on this change and after internal deliberation, we are now rolling back this change ASAP. Final Update as of 5/19/22 @ 10:08 AM PST: Again, I am deeply sorry for the inconvenience and disruption this has caused. We remain deeply committed to making sure our customers have a first-class experience using ...

Reconfigure Azure DevOps Server to use Kerberos instead of NTLM

May 3, 2022 May 3, 2022 05/3/22

Angel Wong

Multiple on-prem customers have reported that after upgrading Git LFS to version 3.0 (or higher), they are no longer able to authenticate against Azure DevOps Server. This is because Git LFS has dropped support for NTLM authentication in version 3.0 (Changelog from 24th September 2021). While it is possible to roll back Git LFS to the last 2....

AzureFunBytes Episode 64 – Building SOC Efficiency with @Azure Sentinel with @rodtrent

January 12, 2022 Jan 12, 2022 01/12/22

Jay Gordon

This week we’ll investigate the use cases for implementing the first cloud-native Security and Event Management service (SIEM) Microsoft Sentinel.

Updated: Azure DevOps (and Azure DevOps Server) and the log4j vulnerability

December 14, 2021 Dec 14, 2021 12/14/21

Gloridel Morales

For Azure DevOps, our analysis pointed towards the Search service not being vulnerable. Even so, we are following the guidance and upgrading to the latest Log4j version and reviewing our network security group rules for the Search service as part of a defense in depth strategy. We will continue posting updates to this blog post as we learn mor

Azure DevOps Response to GitKraken SSH Bug

October 11, 2021 Oct 11, 2021 10/11/21

Gloridel Morales

Azure DevOps was recently informed by GitKraken's development team, Axosoft, of a security vulnerability in GitKarken's key generation algorithm. This vulnerability led to the generation of insecure SSH keys. We identified customers affected by this vulnerability and revoked their SSH keys. Check out the blog post for more details.

AzureFunBytes Episode 58 – Improve your Open Source Security with @WhiteSourceSoft

October 5, 2021 Oct 5, 2021 10/5/21

Jay Gordon

As developers progress along the software delivery lifecycle there's a need to ensure that security scans can be automated. By implementing products like WhiteSource you can automatically detect, prioritize, and remediate your open source security vulnerabilities.

AzureFunBytes Episode 56 – Secretless Applications with @ChristosMatskas

September 21, 2021 Sep 21, 2021 09/21/21

Jay Gordon

Secretless application development strives to solve some important problems, like preventing your credentials from being leaked. If you are seeing connection strings, usernames or passwords in log files, you're adding to your risk profile.

AzureFunBytes Episode 42 – Hybrid Cloud on Azure with @ThomasMaurer

June 8, 2021 Jun 8, 2021 06/8/21

Jay Gordon

This week my guest was Senior Cloud Advocate Thomas Maurer . We dove into the world of hybrid cloud ! Not every application is born in the cloud, but they can certainly interact with it. A hybrid cloud is a type of cloud computing that combines on-premises infrastructure—or a private cloud—with a public cloud.

New policies to restrict personal access token scope and lifespan

June 3, 2021 Jun 3, 2021 06/3/21

pazand

Azure DevOps Administrators can now define a maximum lifespan for personal access tokens (PATs) and restrict the creation of global and full-scoped personal access tokens (PATs). These policies will affect all users and Azure DevOps organizations linked to the Azure AD tenant.

Azure DevOps Blog

Security - Azure DevOps Blog

Updates to Azure Pipelines Runtime Variables Settings [Updated]

Reconfigure Azure DevOps Server to use Kerberos instead of NTLM

Top stories from the #AzureDevOps #community for 2022.25.02 are here!

AzureFunBytes Episode 64 – Building SOC Efficiency with @Azure Sentinel with @rodtrent

Updated: Azure DevOps (and Azure DevOps Server) and the log4j vulnerability

Azure DevOps Response to GitKraken SSH Bug

AzureFunBytes Episode 58 – Improve your Open Source Security with @WhiteSourceSoft

AzureFunBytes Episode 56 – Secretless Applications with @ChristosMatskas

AzureFunBytes Episode 42 – Hybrid Cloud on Azure with @ThomasMaurer

New policies to restrict personal access token scope and lifespan

Archive

Top Bloggers

Relevant Links