Azure DevOps Blog

DevOps, Git, and Agile updates from the team building Azure DevOps

Security - Azure DevOps Blog

Azure DevOps client libraries migrated to MSAL

November 15, 2022 Nov 15, 2022 11/15/22
Lubomir Sokolovsky
The Microsoft.VisualStudio.Services.InteractiveClient library is a public NuGet package that takes care of authenticating to Azure DevOps Services. It abstracts away the acquisition, management and refreshing of authentication tokens, so developers can focus on their goals and stay productive. Historically, the interactive client library has ...

All Azure DevOps REST APIs now support PAT scopes

November 9, 2022 Nov 9, 2022 11/9/22
Barry Wolfson
Recently, the Azure DevOps team completed an initiative to associate all Azure DevOps REST APIs with a granular personal access token (PAT) scope. As part of our ongoing investments in security, we undertook this effort to reduce the risks associated with a leaked PAT credential. Previously, a number of Azure DevOps REST APIs were not ...

Integrate security into your developer workflow with GitHub Advanced Security for Azure DevOps

October 12, 2022 Oct 12, 2022 10/12/22
Aaron Hallberg
Exciting things are in store for Azure DevOps in the coming year! We’re planning deep investments in security as well as broad investment across the product. Read on for more information, and then be sure to check out our updated roadmap at https://aka.ms/AzureDevOpsRoadmap. Deep investments in security First, we are super excited about ...

Updates to Azure Pipelines Runtime Variables Settings [Updated]

May 19, 2022 May 19, 2022 05/19/22
Gloridel Morales
We have gotten a lot of feedback on this change and after internal deliberation, we are now rolling back this change ASAP. Final Update as of 5/19/22 @ 10:08 AM PST: Again, I am deeply sorry for the inconvenience and disruption this has caused. We remain deeply committed to making sure our customers have a first-class experience using ...

Reconfigure Azure DevOps Server to use Kerberos instead of NTLM

May 3, 2022 May 3, 2022 05/3/22
Angel Wong
Multiple on-prem customers have reported that after upgrading Git LFS to version 3.0 (or higher), they are no longer able to authenticate against Azure DevOps Server. This is because Git LFS has dropped support for NTLM authentication in version 3.0 (Changelog from 24th September 2021). While it is possible to roll back Git LFS to the last 2....

Top stories from the #AzureDevOps #community for 2022.25.02 are here!

February 25, 2022 Feb 25, 2022 02/25/22
April Edwards
Welcome back! I am April Edwards and every week I try to bring you the latest updates from around the DevOps on Azure community. If you have a post you’d like to have me include, I am always listening. You can reach out on Twitter or LinkedIn and I will be sure to share your latest post with the community. Also, be sure to tag your posts ...

Updated: Azure DevOps (and Azure DevOps Server) and the log4j vulnerability

December 14, 2021 Dec 14, 2021 12/14/21
Gloridel Morales
For Azure DevOps, our analysis pointed towards the Search service not being vulnerable. Even so, we are following the guidance and upgrading to the latest Log4j version and reviewing our network security group rules for the Search service as part of a defense in depth strategy. We will continue posting updates to this blog post as we learn mor

Azure DevOps Response to GitKraken SSH Bug

October 11, 2021 Oct 11, 2021 10/11/21
Gloridel Morales
Azure DevOps was recently informed by GitKraken's development team, Axosoft, of a security vulnerability in GitKarken's key generation algorithm. This vulnerability led to the generation of insecure SSH keys. We identified customers affected by this vulnerability and revoked their SSH keys. Check out the blog post for more details.

Feedback usabilla icon