Head Topics

Microsoft's security roadmap: Protect Azure DevOps secrets

South Africa News News

Microsoft's security roadmap: Protect Azure DevOps secrets
South Africa Latest News,South Africa Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 64 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 29%
  • Publisher: 61%

Microsoft's security roadmap: Protect secrets in Azure DevOps

Criminals can use leaked credentials like PATs to get into organizations using Azure DevOps and access source code, launch supply chain attacks, or compromise the infrastructure.

Microsoft will also release Workload Identity federation for Azure Deployments, first in public preview in the third quarter and then generally by the end of the year. Developers are wary of storing secrets like passwords or certificate in Azure DevOps because they become vulnerable to theft when service connections in Azure DevOps are updated.

"As part of its execution, a pipeline can exchange its own internal token with an AAD token, thereby gaining access to Azure resources," Microsoft wrote."Once implemented, this mechanism will be recommended in the product over other types of Azure service connections that exist today."to limit the operations of Azure AD OAuth applications, such as viewing source code or configuring pipelines, when connecting to Azure DevOps.

"This highly requested feature offers Azure DevOps customers a more secure alternative to PATs," Redmond wrote."And Managed Identities offer the ability for applications running on Azure resources to obtain Azure AD tokens without needing to manage any credentials at all."All this comes the same week Microsoft made changes in its Entra suite. The first, as we've documented, was the name change from Azure AD to Entra.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

South Africa Latest News, South Africa Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

TeamTNT gang may go after Azure and Google Cloud usersTeamTNT gang may go after Azure and Google Cloud usersInfosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users
Read more »

Microsoft Office officially replaces Calibri with AptosMicrosoft Office officially replaces Calibri with AptosIt's still not Comic Sans, which was first inspired by 'MS Bob' (or more properly, as Verity Stob might insist, 'Microsoft Robert')
Read more »

Xbox Game Pass Friends and Family preview ends next month, Microsoft confirmsXbox Game Pass Friends and Family preview ends next month, Microsoft confirmsMicrosoft's Xbox Game Pass Friends and Family preview will come to a close next month.
Read more »

Microsoft has a new default font, which means you do tooMicrosoft has a new default font, which means you do tooAptos was apparently 'crafted to embody the many aspects of the human experience.'
Read more »

FTC motion denied, as Microsoft's Activision acquisition nears completionFTC motion denied, as Microsoft's Activision acquisition nears completionThe US Federal Trade Commission (FTC) has seen its initial motion to appeal against this week's Microsoft and Activisio…
Read more »

Larry 'Major Nelson' Hryb departs Microsoft after 22 yearsLarry 'Major Nelson' Hryb departs Microsoft after 22 yearsLarry 'Major Nelson' Hryb, long one of the most recognisable presences on the Xbox team, has announced his departure fr…
Read more »



Render Time: 2025-03-06 06:23:24