Skip to content

Azure DevOps PAT V2

Service Name: Azure DevOps

Service Description: Azure DevOps is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities.

Service Address: https://dev.azure.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to Azure DevOps resources based on the scopes defined during token creation.

Secret Revokement URL: https://dev.azure.com/YourOrganization/_usersSettings/tokens

Secret Example: vzgj5yavsmkbpwgaar6c7f5vz4bw2gcagmfijdtevc5aq4c3g75a

Suspicious Activity Investigation Instructions:

  • Review Azure DevOps audit logs for unusual activity or resource access
  • Check for unauthorized repository clones, code changes, or pipeline executions
  • Look for unusual build or release pipeline modifications
  • Monitor for unexpected permission changes or team membership modifications
  • Verify no unauthorized service connections have been created

Mitigation Instructions:

  • Immediately revoke the compromised PAT in Azure DevOps settings
  • Navigate to your Azure DevOps organization settings
  • Go to Personal Access Tokens under User Settings
  • Find the compromised token and click "Revoke"
  • Review all recent activities performed with the token
  • Create a new PAT with appropriate scopes if needed
  • Consider implementing IP restrictions for Azure DevOps access
  • Enable multi-factor authentication for all users