Head Topics

Microsoft's security roadmap: Protect Azure DevOps secrets

Danmark Nyheder Nyheder

Microsoft's security roadmap: Protect Azure DevOps secrets
Danmark Seneste Nyt,Danmark Overskrifter
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 64 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 29%
  • Publisher: 61%

Microsoft's security roadmap: Protect secrets in Azure DevOps

Criminals can use leaked credentials like PATs to get into organizations using Azure DevOps and access source code, launch supply chain attacks, or compromise the infrastructure.

Microsoft will also release Workload Identity federation for Azure Deployments, first in public preview in the third quarter and then generally by the end of the year. Developers are wary of storing secrets like passwords or certificate in Azure DevOps because they become vulnerable to theft when service connections in Azure DevOps are updated.

"As part of its execution, a pipeline can exchange its own internal token with an AAD token, thereby gaining access to Azure resources," Microsoft wrote."Once implemented, this mechanism will be recommended in the product over other types of Azure service connections that exist today."to limit the operations of Azure AD OAuth applications, such as viewing source code or configuring pipelines, when connecting to Azure DevOps.

"This highly requested feature offers Azure DevOps customers a more secure alternative to PATs," Redmond wrote."And Managed Identities offer the ability for applications running on Azure resources to obtain Azure AD tokens without needing to manage any credentials at all."All this comes the same week Microsoft made changes in its Entra suite. The first, as we've documented, was the name change from Azure AD to Entra.

Vi har opsummeret denne nyhed, så du kan læse den hurtigt. Hvis du er interesseret i nyheden, kan du læse hele teksten her. Læs mere:

TheRegister /  🏆 67. in UK

Danmark Seneste Nyt, Danmark Overskrifter

Similar News:Du kan også læse nyheder, der ligner denne, som vi har indsamlet fra andre nyhedskilder.

TeamTNT gang may go after Azure and Google Cloud usersTeamTNT gang may go after Azure and Google Cloud usersInfosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users
Læs mere »

Microsoft Office officially replaces Calibri with AptosMicrosoft Office officially replaces Calibri with AptosIt's still not Comic Sans, which was first inspired by 'MS Bob' (or more properly, as Verity Stob might insist, 'Microsoft Robert')
Læs mere »

Xbox Game Pass Friends and Family preview ends next month, Microsoft confirmsXbox Game Pass Friends and Family preview ends next month, Microsoft confirmsMicrosoft's Xbox Game Pass Friends and Family preview will come to a close next month.
Læs mere »

Microsoft has a new default font, which means you do tooMicrosoft has a new default font, which means you do tooAptos was apparently 'crafted to embody the many aspects of the human experience.'
Læs mere »

FTC motion denied, as Microsoft's Activision acquisition nears completionFTC motion denied, as Microsoft's Activision acquisition nears completionThe US Federal Trade Commission (FTC) has seen its initial motion to appeal against this week's Microsoft and Activisio…
Læs mere »

Larry 'Major Nelson' Hryb departs Microsoft after 22 yearsLarry 'Major Nelson' Hryb departs Microsoft after 22 yearsLarry 'Major Nelson' Hryb, long one of the most recognisable presences on the Xbox team, has announced his departure fr…
Læs mere »



Render Time: 2025-04-08 08:20:02