Azure DevOps Blog
DevOps, Git, and Agile updates from the team building Azure DevOps
Latest posts
New Test Run Hub in Azure Test Plans
Delivering high-quality software is a necessity and thatโs why Azure Test Plans has introduced the all-new Test Run Hub, an enabler for teams who want to take control of their testing process and drive continuous improvement. What Makes the Test Run Hub a Must-Have? The Test Run Hub is designed to help teams track test progress, analyze results, and maintain quality across every development cycle. Whether youโre running manual or automated tests, the new test run hub brings clarity and efficiency to your quality assurance workflow. Key Benefits Real-Time Visibility: Instantly monitor test progress and quali...
Azure Developer CLI: From Dev to Prod with Azure DevOps Pipelines
Building on our previous post about implementing dev-to-prod promotion with GitHub Actions, this follow-up demonstrates the same "build once, deploy everywhere" pattern using Azure DevOps Pipelines. You'll learn how to leverage Azure DevOps YAML pipelines with Azure Developer CLI (azd). This approach ensures consistent, reliable deployments across environments. Environment-Specific Infrastructure The infrastructure approach is identical to our previous GitHub Actions implementation. It uses conditional Bicep deployment with a single parameter. This drives environment-specific resource configuration. The same B...
Azure DevOps OAuth Client Secrets Now Shown Only Once
Weโre making an important change to how Azure DevOps displays OAuth client secrets to align with industry best practices and improve our overall security posture. Starting September, newly generated client secrets will be shown only once at the time of creation. After that, they will no longer be retrievable via the UI or API. This update helps reduce the risk of accidental exposure and encourages secure storage practices, such as saving secrets in Azure Key Vault or other secure vaults. These changes will go into effect for all apps by September 2, 2025. We will also be retiring the Get Registration Secret ...
Hunting Living Secrets: Secret Validity Checks Arrive in GitHub Advanced Security for Azure DevOps
If youโve ever waded through a swamp of secret scanning alerts wondering, โWhich of these are actually dangerous right now?โ โ this enhancement is for you. Secret validity checks in GitHub Advanced Security for Azure DevOps (and the standalone Secret Protection experience) add a highโsignal field to each alert: (still usable), or (couldnโt be verified). Instead of treating every alert like a fiveโalarm fire, you can now fastโpath the truly risky stuff and spend less time chasing ghosts. TL;DR Why This Matters Traditional secret scanning: Found something โ raise alert โ you investigate โ sometimes...
Real-Time Security with Continuous Access Evaluation (CAE) comes to Azure DevOps
Weโre thrilled to announce that Continuous Access Evaluation (CAE) is now supported on Azure DevOps, bringing a new level of near real-time security enforcement to your development workflows. ๐ What Is CAE? Continuous Access Evaluation (CAE) is a feature from Microsoft Entra ID that enables near real-time enforcement of Conditional Access policies. Traditionally, Microsoft Entra access tokens in Azure DevOps are valid for up to an hour, meaning that even after a userโs account is disabled or a password is changed, access may persist until the token expires. CAE changes that. With CAE, Azure DevOps can revoke a...
Automate your open-source dependency scanning with Advanced Security
Any experiences that require additional setup is cumbersome, especially when there are multiple people needed. In GitHub Advanced Security for Azure DevOps, we're working to make it easier to enable features and scale out enablement across your enterprise. You can now automatically inject the dependency scanning task into any pipeline run targeting your default branch. This is a quick way to ensure that your production code (and any code being merged into your production branch) are evaluated for open-source dependency vulnerabilities. Enabling one-click dependency scanning for your repository You'll need to h...
From Manual Testing to AI-Generated Automation: Our Azure DevOps MCP + Playwright Success Story
In todayโs fast-paced software development cycles, manual testing often becomes a significant bottleneck. Our team was facing a growing backlog of test cases that required repetitive manual executionโrunning the entire test suite every sprint. This consumed valuable time that could be better spent on exploratory testing and higher-value tasks. We set out to solve this by leveraging Azure DevOpsโ new MCP server integration with GitHub Copilot to automatically generate and run end-to-end tests using Playwright. This powerful combination has transformed our testing process: By automating our testing pipelin...
Azure Developer CLI: From Dev to Prod with One Click
This post walks through how to implement a "build once, deploy everywhere" pattern using Azure Developer CLI (azd) that provisions environment-specific infrastructure and promotes applications from dev to prod with the same build artifacts. You'll learn how to use conditional Bicep deployment, environment variable injection, package preservation across environments, and automated CI/CD promotion from development to production. Environment-Specific Infrastructure When deploying applications across environments, different requirements emerge: Rather than maintaining separate infrastructure templates or complex...
July Patches for Azure DevOps Server
Today we are releasing patches that impact our self-hosted product, Azure DevOps Server. We strongly encourage and recommend that all customers use the latest, most secure release of Azure DevOps Server. You can download the latest version of the product, Azure DevOps Server 2022.2 from the Azure DevOps Server download page. Azure DevOps Server 2020.1.2 Patch 17 Release notes If you have Azure DevOps Server 2020.1.2, you should install Azure DevOps Server 2020.1.2 Patch 17 to have the most secure and updated product experience. With this patch we are fixing a null reference exception in the multi-repo trigge...