{"id":3606,"date":"2026-03-11T23:46:28","date_gmt":"2026-03-11T23:46:28","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/03\/11\/temporary-rollback-build-identities-can-access-advanced-security-read-alerts-again\/"},"modified":"2026-03-11T23:46:28","modified_gmt":"2026-03-11T23:46:28","slug":"temporary-rollback-build-identities-can-access-advanced-security-read-alerts-again","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/03\/11\/temporary-rollback-build-identities-can-access-advanced-security-read-alerts-again\/","title":{"rendered":"Temporary rollback: build identities can access Advanced Security: read alerts again"},"content":{"rendered":"<p>If you use build service identities like <code>Project Collection Build Service<\/code> to call Advanced Security APIs, the <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/devops\/release-notes\/2026\/sprint-269-update#build-identity-access-restricted-for-advanced-security-apis\">Advanced Security permission changes in Sprint 269<\/a> broke that. We restricted API access for build identities as a security improvement but failed to provide an early notice for customers that relied upon this for various automations.<\/p>\n<p>We\u2019re rolling it back temporarily. <strong>The restriction will be re-enforced on April 15, 2026.<\/strong><\/p>\n<h2>What you should do<\/h2>\n<p>Action is required. The recommended path is a service principal with <strong>Advanced Security: Read alerts<\/strong> permissions for your Advanced Security-enabled repositories. Scope it narrowly, and if the service principal isn\u2019t committing code, it won\u2019t consume an Advanced Security committer license.<\/p>\n<h3>Status checks in Sprint 272<\/h3>\n<p>We\u2019re also shipping <strong>status checks<\/strong> soon, which give teams a native way to gate on security posture without API-driven alert mutations from pipeline identities.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2026\/03\/ado-status-checks.webp\"><img data-opt-id=1058046955  fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2026\/03\/ado-status-checks.webp\" alt=\"ado status checks image\" width=\"1643\" height=\"822\" class=\"aligncenter size-full wp-image-72540\" \/><\/a><\/p>\n<p>This won\u2019t replace every automation scenario, though it enables pull request-time blocking on the presence of high and critical alerts.<\/p>\n<p>Have feedback or hitting gaps moving to a service principal? <a href=\"https:\/\/aka.ms\/ghazdo-feedback\" target=\"_blank\">Let us know<\/a>.<\/p>\n<hr \/>\n<p><strong>Action required by April 15<\/strong>: move API automation to a service principal with <strong>Advanced Security: Read alerts<\/strong> or watch for status checks in Sprint 272.<\/p>\n<p>The post <a href=\"https:\/\/devblogs.microsoft.com\/devops\/temporary-rollback-build-identities-can-access-advanced-security-read-alerts-again\/\">Temporary rollback: build identities can access Advanced Security: read alerts again<\/a> appeared first on <a href=\"https:\/\/devblogs.microsoft.com\/devops\">Azure DevOps Blog<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>If you use build service identities like Project Collection Build Service to call Advanced Security APIs, the Advanced Security permission [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3607,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3606","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=3606"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3606\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/3607"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=3606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=3606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=3606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}