Azure DevOps PAT V2
Service Name: Azure DevOps
Service Description: Azure DevOps is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities.
Service Address: https://dev.azure.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants programmatic access to Azure DevOps resources based on the scopes defined during token creation.
Secret Revokement URL: https://dev.azure.com/YourOrganization/_usersSettings/tokens
Secret Example: vzgj5yavsmkbpwgaar6c7f5vz4bw2gcagmfijdtevc5aq4c3g75a
Suspicious Activity Investigation Instructions:
- Review Azure DevOps audit logs for unusual activity or resource access
- Check for unauthorized repository clones, code changes, or pipeline executions
- Look for unusual build or release pipeline modifications
- Monitor for unexpected permission changes or team membership modifications
- Verify no unauthorized service connections have been created
Mitigation Instructions:
- Immediately revoke the compromised PAT in Azure DevOps settings
- Navigate to your Azure DevOps organization settings
- Go to Personal Access Tokens under User Settings
- Find the compromised token and click "Revoke"
- Review all recent activities performed with the token
- Create a new PAT with appropriate scopes if needed
- Consider implementing IP restrictions for Azure DevOps access
- Enable multi-factor authentication for all users