Showing results for Security - Azure DevOps Blog

Mar 28, 2018
Post comments count0
Post likes count0

Deadline extended for connecting VSTS accounts to AzureAD

Justin Marks
Justin Marks

On January 5, 2018, I announced that Visual Studio Team Services will no longer allow creation of new MSA users with custom domain names backed by AzureAD.  While most customers agree with the direction of this change, I got clear feedback that they could not connect their VSTS to AzureAD by the March 31 deadline.  Based on this feedback, we are ch...

DevOpsSecurityAdmin & Licensing
Jan 30, 2018
Post comments count0
Post likes count0

Supporting AzureAD Conditional Access Policy across VSTS

Justin Marks
Justin Marks

In February 2017, VSTS announced support for Azure Active Directory Conditional Access Policy (CAP).  One caveat that was called out in that announcement was that alternate authentication mechanisms, such as personal access tokens, would not enforce CAP. As I discussed previously, many VSTS administrators gave us feedback that they need a way to e...

DevOpsSecurityAdmin & Licensing
Jan 29, 2018
Post comments count1
Post likes count0

VS Subscriptions and linking your VSTS account to AzureAD

Justin Marks
Justin Marks

A few weeks ago, I posted about a change coming to organizations managing their identities with Microsoft Accounts (MSAs); as of March 30th, you will no longer able to create new MSAs with a custom domain name that is linked to an Azure Active Directory tenant.  Many customers have reached out asking how this change affects their Visual Studio subs...

DevOpsSecurityAdmin & Licensing
Jan 5, 2018
Post comments count0
Post likes count0

VSTS will no longer allow creation of new MSA users with custom domain names backed by AzureAD

Justin Marks
Justin Marks

3-28-2018 UPDATE : The deadline listed below has been extended to the end of September.  Read my latest blog post for more information. On September 15, 2016, the Azure Active Directory (Azure AD) team blocked the ability to create new Microsoft accounts using email addresses in domains that are configured in Azure AD. Many VSTS customers expresse...

DevOpsSecurityAdmin & Licensing
Sep 22, 2017
Post comments count0
Post likes count0

Remembering How We Should Manage Open Source

Sam Guckenheimer
Sam Guckenheimer

A DevSecOps best practice is root cause analysis, so that we can learn from live site incidents and prevent their recurrence. Equifax made news recently with the exfiltration of data from half the US population. This is a sobering opportunity to look at the root cause. The Equifax attack used Apache Struts, a popular open source project for web ap...

DevOpsOpen SourceSecurity
May 22, 2017
Post comments count0
Post likes count0

Using Open Source Components? Using TFS?

Sam Guckenheimer
Sam Guckenheimer

Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I’ve received is, When can we have this for TFS too? I’m happy to announce that the extension now works with TFS on-pre...

DevOpsCI/CDOpen Source
Mar 7, 2017
Post comments count0
Post likes count0

Open Source Scanning in Visual Studio Team Services with WhiteSource Bolt

Sam Guckenheimer
Sam Guckenheimer

Most organizations today consume open source software in their development projects. The reuse of components enables great productivity gains. However, this practice has an unintended consequence: you can reuse security vulnerabilities or violate licenses without realizing the risk. I wrote about this in an article in MSDN Magazine on Rugged DevOps...

DevOpsCI/CDGit & Version Control
Nov 30, 2016
Post comments count0
Post likes count0

Live Dependency Validation in Visual Studio 2017

Jean-Marc Prieur
Jean-Marc Prieur

Last month we announced that Visual Studio “Dev15” Preview 5 now supported Live Dependency Validation. In this blog post,   On demand video about dependency validation During the connect 2016 event, we’ve proposed an on-demand video which explains in detail why you’d want to use Dependency Validation and ...

DevOpsOpen SourceSecurity
Oct 14, 2016
Post comments count0
Post likes count0

UML Designers have been removed; Layer Designer now supports live architectural analysis

Jean-Marc Prieur
Jean-Marc Prieur

We are removing the UML designers from Visual Studio "15" Enterprise. Removing a feature is always a hard decision, but we want to ensure that our resources are invested in features that deliver the most customer value.  Our reasons are twofold: If you are a significant user of the UML designers, you can continue to use Visual Studio 2015...

DevOpsOpen SourceSecurity
Oct 7, 2016
Post comments count0
Post likes count0

Live architecture dependency validation in Visual Studio “15” Preview 5

Importer
Importer

In the past year, you told us that you considered removing unwanted dependencies to be an important part of managing your technical debt. The Layer designer enables you to validate architectural dependencies in your Visual Studio solutions. It first shipped in Visual Studio 2010, and is now part of Visual Studio Enterprise. But the experience could...

DevOpsOpen SourceSecurity