This has been the standard for quite some time, but it also lagged behind the modern security landscape. In the past couple of years, threat actors became more advanced and have started leveraging significantly more complex techniques to exfiltrate and misuse user credentials. Access and refresh tokens, the two credential artifacts that applications store after you sign in, became a prime target for those that want to steal personal and organizational data.

To protect against both this and many other classes of emerging threats, we’ve been investing in making Entra ID-based authentication flows more robust, secure, and easier to use by driving adoption of authentication brokers.

An authentication broker is an application that runs on a user’s machine that manages the authentication handshakes and token maintenance for connected accounts, such as your personal Microsoft or work and school Entra ID accounts. Unlike browser-based authentication flows, an authentication broker provides a much smoother user experience. Instead of sending the user out to sign in outside the app, they simply get a prompt to either select an existing account that is already connected or add a new account.

Once an account is connected to an authentication broker, it can be securely used across many other installed applications that need to sign users in without going through the trouble of re-entering the same credentials over and over.

On Windows machines, the authentication broker is the Web Account Manager (WAM) – a feature of the operating system available in Windows 10 (Version 1703 – Creators Update) and above as well as Windows Server 2019 and above.

Authentication brokers bring with them many benefits that go beyond an improved user experience, that include:

• Enhanced security by default. As new security enhancements are developed, they will be seamlessly delivered with the broker, without developers needing to update their application logic. This significantly reduces the update and maintenance burden and ensures that customers get the best protection no matter what.
• Feature support. With the help of the broker, applications can natively access enhanced security capabilities such as Windows Hello, conditional access policies, and FIDO keys in a compliant and consistent manner. This means that organizational policies can be applied and respected by all client applications.
• System integration. Applications that use the broker plug-and-play with the built-in account picker, allowing the user to quickly pick an existing account instead of reentering the same credentials over and over. Once an account is connected, it can be easily used across other installed tools on the same computer.
• Token protection. WAM and other authentication brokers ensure that the refresh tokens are bound to the device, helping prevent attacks where a malicious actor exfiltrates user credentials and attempts to access data from another device. By default, authentication brokers ensure that the refresh tokens are protected and not accessible to the client application. And even in the worst case, a leaked refresh token is unusable outside the device it was issued on. Learn more in the Token Protection documentation.

Developer tool support for authentication brokers

Our developer tools are designed for a wide range of professionals, including software engineers, IT administrators, data scientists, DevOps teams, and more. These individuals and their organizations require strong security measures within their development environments and tools to effectively build, deploy, and maintain the suite of applications and services.

To ensure that their credentials are secure, we’ve started rolling out updates to Visual Studio, Visual Studio Code, Azure CLI, Azure PowerShell, and a range of our libraries, including Azure Identity and MSAL, to use authentication brokers such as WAM, as well as upcoming macOS and Linux brokers, out-of-the-box.

In most of our tools running on Windows, WAM is already the default way to sign in with Microsoft personal and Entra ID accounts. This includes:

• Visual Studio 2022, starting with version 17.11
• Visual Studio Code, starting with version 1.97
• Azure PowerShell, starting with version 12.0.0
• Azure CLI, starting with version 2.61.0

As new authentication brokers are developed, we expect this pattern to become the norm across macOS and Linux systems as well.

The change to use authentication brokers instead of browser-based authentication is entirely transparent to our customers and does not require any added work. When customers sign in, they will use the built-in OS account picker that will allow them to connect their accounts for single sign-on (SSO).

We are excited about taking another step in securing our customers and their credentials.

Feedback and support

If you or your organization are encountering any issues with WAM-based authentication, refer to Microsoft Entra authentication and authorization error codes and Errors associated with Web Account Manager (WAM) articles to troubleshoot your issue.

If you require additional support related to identity or account management, please report your issues in the Microsoft Support Community. If you are part of an organization that has a support contract with Microsoft, we recommend directly engaging with your designated support contact.

The post Securing Developer Tools with Authentication Brokers appeared first on Microsoft for Developers.

Many Azure DevOps customers have been looking at the innovations coming out of GitHub and wondering how they can realize the benefits of those innovations while still using the capabilities they love in Azure DevOps. In the rest of this post, we’ll answer that question by looking at work we’ve been doing across Microsoft and GitHub to enable customers to acquire and use Azure DevOps and GitHub together to get the best of both worlds.

GitHub innovation available to all Azure DevOps customers

At last year’s Build conference, we announced GitHub Advanced Security for Azure DevOps (GHAzDO), which integrates the core capabilities of GitHub Advanced Security – secret scanning, code scanning, and dependency vulnerability scanning – directly into Azure DevOps. Since then, we’ve delivered a steady stream of improvements to GHAzDO, including (most recently) pull request annotations that highlight new code security and dependency vulnerabilities right in the Azure Repos pull request experience. In the coming months, our ongoing investments in GHAzDO will include secret validity (or “liveness”) checking, support for Dependabot auto-updates of dependency vulnerabilities, and more.

Azure DevOps customers can similarly benefit from many of the key capabilities of GitHub Copilot for Business without making any other changes to their Azure DevOps usage. GitHub Copilot features like code completions, chat, extensions, and more are available directly in Visual Studio or Visual Studio Code. And Enterprise accounts can be used to manage GitHub Copilot licenses without any other GitHub Enterprise usage.

GitHub innovation available to Azure DevOps customers using GitHub repositories

Of course, additional innovative capabilities in both GitHub Copilot and GitHub Advanced Security are available to customers who have their code in GitHub repositories. To better enable this for Azure DevOps customers without compromising their overall experience, we’ve been working hard across Microsoft and GitHub to improve the integrations between our two DevSecOps products. Our overarching goal is for the two products to feel like an integrated suite, with the same end-to-end traceability Azure DevOps customers have come to expect.

In GitHub Copilot, many additional capabilities light up for customers whose code repositories are stored in GitHub, including codebase aware chat capabilities, pull request experiences like Copilot Workspace, and fine-tuned models.

Similarly, GitHub Advanced Security (GHAS) has many capabilities that GitHub Advanced Security for Azure DevOps (GHAzDO) lacks. And while we will continue to invest in closing gaps between GHAzDO and GHAS, GHAS will always run ahead of GHAzDO. Today, this includes Copilot autofix capabilities and the new security campaigns features.

To take advantage of these capabilities in GitHub, Azure DevOps customers will need to migrate some or all their repositories to GitHub. To do this, we recommend:

• Setting up a GitHub Enterprise organization. As a best practice, we recommend GitHub Enterprise Managed Users using the same Microsoft Entra tenant used by your Azure DevOps organization. With this configuration, you can use Entra groups to manage access to both organizations in a consistent way.
• Migrating repositories using GitHub Enterprise Importer. Start slow, and make sure to do a trial run or two to prove things out.
• Installing the Azure Boards and Azure Pipelines apps into your GitHub organization.

The Azure Boards app enables the same end-to-end traceability customers are used to when using all Azure DevOps – from ideas tracked in Boards all the way to production environments deployed by Azure Pipelines. And the Azure Pipelines app enables the same capabilities customers using Azure Repos are used to, including Pull Request triggers, Continuous Integration triggers, governed templates, and more.

Many customers are already using these two apps to integrate Azure DevOps with GitHub. In October, customers:

• Created more than 800 thousand links between Azure Boards and GitHub repositories (up 67% from last year), with the largest single customer creating more than 60 thousand.
• Ran more than 32 million Azure Pipelines jobs that consumed GitHub repositories (up 42%), with the largest single customer running more than 2 million.

Let’s take a quick tour of the integrated experience!

It all starts by creating an initial link between an idea tracked in Azure Boards and the code changes that will bring that idea to life. This can be done either through a rich Boards user experience:

Or by using AB# syntax in your commit message or PR description:

GitHub pull request link experience for Azure Boards

Either way, you’ll get Azure Boards work item links in the Development section of your GitHub pull request, just as you would if you were using GitHub Issues. And you’ll see up-to-date status in your Azure Boards work item as your GitHub pull request gets updated.

If you’ve configured PR triggers for your pipeline, you’ll see results show up right in the Checks experience within your pull request. And all the rich Azure Pipeline capabilities you expect will continue to be available, including governed templates, the newly announced Managed DevOps Pools, and more.

We still have more planned work to further enhance the experience – see our public roadmap for the latest information. And as more customers adopt this approach, we will continue to learn from them and further integrate our two products.

Licensing integration

For some time now, Visual Studio subscribers have had usage rights for both GitHub Enterprise and Azure DevOps. But other users have had to pay for both products to use them together … until now! We are excited to announce that starting in January, we are including Azure DevOps Basic usage rights with GitHub Enterprise licenses and automating the experience for Azure DevOps customers.

Just as with Visual Studio subscriptions, we will automatically detect GitHub Enterprise Licenses for users when they log into Azure DevOps and grant them a new GitHub Enterprise access level (with access equivalent to Azure DevOps Basic).

This capability will begin lighting up for GitHub Enterprise Cloud customers in January, and for GitHub Enterprise Cloud with Data Residency customers early in the new year.

Update: Originally, this blog post called out December, 2024 for when the licensing integration work would light up for GitHub Enterprise Cloud customers. We now expect the integration to light up in January.

We are committed to enabling Azure DevOps customers to get the best out of both Azure DevOps and GitHub. We hope you’ll try out the latest integrations and innovations and let us know what you think!

The post Getting the most out of Azure DevOps and GitHub appeared first on Microsoft for Developers.

Since GitHub joined Microsoft in 2018, we’ve been working hard to bring our tools and services together to deliver a productive and delightful experience for developers so they can focus on driving innovation through their code. We started by integrating features and services developers love and use every day from GitHub into our code editors. This includes creating and managing pull requests, issues, and repositories, and making it easier to deploy apps and services to Azure with GitHub Actions. We continue to innovate and collaborate to deliver an unparalleled end-to-end experience for developers and their teams.

GitHub Copilot is the most adopted AI pair programming tool today with more than 1.8 million paid developers in addition to the 1 million students, teachers, and open-source maintainers that use GitHub for free. Copilot now makes it much easier to learn a new technology or programming language, ramp up on a codebase that’s new to you, or learn how to best configure your developer workstation. Let’s take a deeper look at how we’re building, innovating, and integrating GitHub Copilot throughout the entire development lifecycle into the tools and services you love.

GitHub Copilot: Code faster with the world’s most widely adopted AI developer tool

Developing Copilot has been a cross-team effort and we’ve been relentlessly focused on building and releasing innovations to enhance the developer experience. Since the early days of code completions and contextual awareness, we’ve aimed to get to the heart of what developers can use to reduce toil and distraction and replace it with joy.

In 2021, we started by bringing Copilot’s code completions into the Visual Studio family. Today, Copilot is capable of so much more than completion, which makes it an essential part of any developer’s setup. Use Copilot Chat to ask Copilot to explain, refactor, optimize, debug, document, and test your code. As you type, inline suggestions come to life, enabling you to convert comments to code, get help fixing errors, or let it write the test for the function you just wrote.

As we continue to innovate together—we’re creating new ways to interact with chat. In addition to submitting prompts, developers can use keywords to help Copilot better understand your prompt, leverage slash commands to avoid writing complex prompts, and incorporate chat variables to specify context. Recently, we have added new support for multimodal modals, and the ability to speak directly to Copilot.

Perhaps most excitingly, AI model selection in Copilot unlocks a new world of possibilities giving developers the freedom to explore new models and select workable options. In Visual Studio Code, developers can access models from the model catalog like Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview and o1-mini. OpenAI and Claude 3.5 Sonnet models are available now; Google’s Gemini 1.5 Pro is coming soon.

GitHub Copilot continues to evolve with new capabilities for developers. With AI-powered code review, makes feedback from pull requests immediately actionable and easy to see in the context of your code editor.  With Copilot Extensibility, extensions can interface with services like Jira, Sentry, and more from the comfort of Copilot Chat in your favorite code editor, without having to disrupt your flow or context-switch. Best yet, you can create your very own extensions that integrate with your own data, services, and workflows into Copilot.

Finally, for task-focused scenarios, we’ve built Visual Studio Code extensions for the new GitHub Copilot Workspace so developers can get straight to the task at hand, jumpstarting the process by describing what they want in a natural language. Alongside Visual Studio Code, GitHub Copilot is deeply integrated into our entire developer tools ecosystem with handcrafted experiences and features based on the work that developers need to do within the tool of their choice.

Visual Studio and GitHub Copilot

Visual Studio is our premier IDE for .NET, C++, and game developers. In Visual Studio, developers build large-scale applications with sometimes a hundred projects for their distributed system. With GitHub Copilot, developers can index and search their entire codebase for deep insight, make code edits across multiple files and projects with the upcoming Edits feature, and get advanced visualizations and debugging insights to help them solve problems.

For example, GitHub Copilot can be used with the Visual Studio profiler to identify and suggest fixes for a performance issue in the Visual Studio profiler codebase itself!

GitHub Copilot has been infused throughout Visual Studio with new features, including the ability to set breakpoints, suggest code fixes, debug exceptions and tests, migrate projects, and much more.  With Visual Studio, .NET, and GitHub Copilot, solutions for some of the hardest challenges in building software at scale are now within reach of every developer.

Working across GitHub Codespaces and Visual Studio Code

Setting up a developer workstation is an arduous task, but we’ve built a seamless connection between Visual Studio Code and GitHub Codespaces to make it a breeze. You can use your local install of Visual Studio Code or one hosted on the web to create, manage, work in, and delete Codespaces all via the GitHub Codespaces extension. Dev containers are the common format for setting up both, which helped the GitHub team reduce their dev box setup time from 45 minutes to under a minute to onboard developers.

We love how developers around the globe are using Codespaces for help with everyday development and how they’re being used to teach others to code with samples, workshops, and documentation. The near-instant coding environment has been integrated through all our training modules on Microsoft Learn and has become our standardized way to get started with learning any Microsoft technology.

Better collaboration for Dev Teams

Software is a team sport. In the last few years, dev teams using Azure DevOps have been seeking better integration with GitHub. Thousands of companies using Azure DevOps want to leverage the strength of both platforms and we’ve been working to make that possible. Developers and dev teams can now use GitHub Advanced Security for Azure DevOps and GitHub Copilot for Business within Azure DevOps. Secure your Azure Repos with advanced scanning features and harness the AI-driven coding assistance of GitHub Copilot, all without leaving your current workflow.

Streamlined Integration and Migration

We’re also focused on improving the integration between Azure Boards, Azure Pipelines, and GitHub Repositories. This work will empower dev teams to fully leverage the advanced features of Copilot and GitHub Advanced Security, while leveraging enterprise-focused project and tracking capabilities in Azure Boards, and the robust continuous delivery capabilities in Azure Pipelines. Developers can now create GitHub branches directly from Azure Boards, find Azure Boards work item links in GitHub pull requests, trigger Azure Pipeline jobs at pull request time or after changes are merged, and more.

Our goal is to provide developers using all of these products with the same end-to-end traceability they’ve come to expect from Azure DevOps. With the GitHub Enterprise Importer, developers can transition their repos from Azure repos to GitHub repos all while continuing to use Azure Boards and Azure Pipelines, and access GitHub’s powerful capabilities in AI and security.

Simplifying cloud deployments

We want to make the path to Azure easier and more intuitive for developers. To do that, we’re building better integration with GitHub.

Learn how to build and deploy to the cloud with GitHub Copilot for Azure

GitHub Copilot makes it easier to learn how to build and deploy to the cloud and how to do it without friction safely from the cockpit of where your code lives. We recently launched the preview of GitHub Copilot for Azure, which builds upon the Copilot Chat capabilities in Visual Studio Code to help developers manage resources and deploy applications. Using GitHub Copilot for Azure, developers can get personalized guidance to learn, provision, deploy, diagnose, and estimate costs for Azure services and resources without needing to leave the comfort of their personalized code editor.

Seamless Azure CI/CD integration with GitHub Actions

GitHub Actions for Azure helps you create workflows that build, test, package, release, and deploy to Azure for CI/CD integration. GitHub Actions also includes support for key utilities that can streamline testing and deployment of intelligent apps with a variety of AI models, including Azure Resource Manager templates, Azure CLI, and Azure Policy.

The Azure Developer CLI (azd) gives developers a direct path in the dev loop to provision Azure resources, deploy, and set up a CI/CD pipeline for continuous deployments. GitHub Actions workflows are now automatically generated when creating apps with azd templates and infrastructure for popular services, including Azure App Service and Static Web Apps.

To help start you on your AI app development journey, we’ve launched the AI app templates gallery with a curated collection of templates that can be deployed to Azure using Visual Studio Code or GitHub Codespaces. These templates are completely open source on GitHub for you to contribute your own ideas.

Tools for building your own intelligent apps

The AI field is evolving rapidly, and it can be hard to keep up. GitHub Models supports secure experimentation with models, providing QuickStart code for various languages and frameworks to simplify model exploration. You can seamlessly transition from GitHub Models to Codespaces, Visual Studio Code, and Azure as you go from experiment to prototype to production deployment. If you’re not sure where to start or want to test drive, you can experiment in the GitHub playground for free and scale your AI apps to paid endpoints using Azure for secure, enterprise-level deployment and monitoring.

You can now also scale your AI applications with key insights leveraging Azure AI evaluation and online experimentation Actions (both in preview). These capabilities can be fully integrated into your CI/CD development workflows with pre-production evaluation and online experimentation results posted directly back to GitHub for analysis.

Self-provisioning GitHub from the Azure portal

Procurement of tools and infrastructure should be simple and easily accessible. You can now purchase and self-provision GitHub directly from the Azure portal, including setting up an Enterprise Managed Users configuration. Speaking of Azure, the new GitHub Enterprise Cloud with data residency is built on top of Azure, which means that you get the security, business continuity, and disaster recovery capabilities of the cloud.

Developers build our future

As we look ahead, the future of software development has never been brighter. Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology. By combining our strengths, we’re paving the way for a more connected and dynamic digital landscape. We’re excited to continue this journey with you and we can’t wait to see what amazing things we’ll build together.

We’ve just launched the Microsoft for Developers blog, where we’ll strive to tell the full end-to-end story for developers as they build and infuse their applications with AI, migrate their applications to the cloud, or take advantage of the latest features and platform capabilities.

To stay up to date with the new Microsoft for Developers blog, subscribe in your favorite RSS reader or by signing up for email notifications whenever we publish a new post.

The post Software is a team sport: Building the future of software development together appeared first on Microsoft for Developers.

Whether you use the Visual Studio family of IDEs, GitHub, Azure DevOps or build apps for Azure, Windows, M365, Teams or Microsoft Copilot, now more than ever, we need a place to share with you how you can use our products together so you can focus on writing the code that’s unique to your organization.

Microsoft for Developers will strive to tell the full end-to-end story for developers as they build and infuse their applications with AI, migrate their applications to the cloud, or take advantage of the latest features and platform capabilities. You’ll find updates on how to become more productive than ever as we integrate all of our tools and services with GitHub Copilot and surface the knowledge in the code editors that you use every day.

Developer blogs here at Microsoft are trusted by millions of developers to get deep insight and the latest news about the products they love – directly from the product teams at Microsoft that build them. Our plan is to not change anything about the current developer blog ecosystem that developers trust. You’ll still get all of your product-specific updates and insights from blogs such as .NET, Visual Studio, VS Code, GitHub, and so many more. Think of this new blog as a unified hub for major announcements that span multiple products and deep insights into making them all work for you.

Often adopting new technology requires culture change in the form of upskilling, changing organizational structure or job content. We’ll share insights and best practices for DevSecOps, platform engineering, cloud-native architectures, building with AI, and enterprise integration.

Finally, we’ll share your stories about how you’re using these products and services together to build world class applications and services to empower people around the world to achieve more.

To stay up to date with the new Microsoft for Developers blog, subscribe in your favorite RSS reader or by signing up for e-mail notifications whenever we release a new blog.

#HappyCoding

The post Welcome to the Microsoft for Developers blog appeared first on Microsoft for Developers.