Content by angel wong (7)

Angel Wong warns that authentication tokens (including Azure DevOps scenarios) should not be treated as a stable data contract: token claims were never guaranteed, and additional encryption rolling out this summer will make token payloads unreadable, breaking apps that decode claims instead of using supported APIs.

Angel Wong details Microsoft's retirement plan for Global Personal Access Tokens in Azure DevOps, outlining key security implications and migration steps for practitioners.

Angel Wong outlines key security improvements and modernization efforts for legacy Visual Studio client authentication, urging developers to upgrade to supported tools to ensure continued secure access.

Angel Wong announces an important change to how Azure DevOps handles OAuth client secrets, introducing a ‘show-once’ system to improve security and retiring the existing secret retrieval API.

Angel Wong introduces support for Continuous Access Evaluation (CAE) on Azure DevOps, discussing its impact on real-time security and the implications for developers using Microsoft Entra ID.

Angel Wong announces important authentication updates for Azure DevOps, moving away from Azure Resource Manager dependence for Entra sign-ins. This guide helps administrators prepare for the coming changes in Conditional Access requirements.

Written by Angel Wong, this article explores the new preview policy in Azure DevOps to restrict personal access token creation. It details how organizations can reduce PAT usage and strengthen their security measures.