Azure DevOps Roadmap
This feature list is a peek into our roadmap. It identifies some of the significant features we are currently working on and a rough timeframe for when you can expect to see them. It is not comprehensive but is intended to provide some visibility into key investments. At the top you will find a list of our large multi-quarter initiatives and the features that they break down into. Further down you will find the full list of significant features we have planned.
Each feature is linked to an article where you can learn more about a particular item. These features and dates are the current plans and are subject to change. The Timeframe columns reflect when we expect the feature to be available on Azure DevOps Services; the Server columns reflect when we expect the feature to ship in Azure DevOps Server.
GitHub Advanced Security for Azure DevOps
GitHub Advanced Security (GHAS) for Azure DevOps, now in public preview, is a suite of developer security analysis tools integrated directly into Azure DevOps to protect your Azure Repos and Pipelines. It includes:
- Secret Scanning to detect credentials and other secrets that may have already been committed to your Azure Repos, as well as push protection to prevent developers from accidentally pushing new secrets.
- Dependency Scanning to identify any known vulnerable open-source packages you may be using, and offer straightforward guidance on how to upgrade those packages to fix the vulnerabilities.
- Code Scanning with CodeQL, a powerful static analysis engine that identifies deep application security vulnerabilities in your source code.
Minimizing the risks associated with credential theft
Azure DevOps supports many different authentication mechanisms, including basic authentication, personal access tokens (PATs), SSH, and Azure Active Directory access tokens. These mechanisms are not created equal from a security perspective, especially when it comes to the potential for credential theft. For example, unintended leakage of credentials like PATs can let malicious actors into Azure DevOps organizations where they can gain access to critical assets like source code, pivot toward supply chain attacks, or even pivot toward compromising production infrastructure.
To minimize the risks of credential theft, we have work in flight covering four distinct areas:
- Enabling administrators to improve authentication security through control plane policies.
- Reducing the need for PATs and other stealable secrets by adding support for more secure alternatives.
- Deepening Azure DevOps' integration with Azure Active Directory to better support its various security features.
- Avoiding the need to store production secrets in Azure Pipelines service connections.
We expect this work to be a major focus of our efforts for multiple quarters.
| Feature | Area | Timeframe | Server |
|---|---|---|---|
| PAT lifecycle APIs | General | 2022 Q4 | 2022.1 |
| Control plane for personal access tokens (PAT) | General | 2022 Q4 | 2022.1 |
| Managed Identity and Service Principal support (preview) | General | 2023 Q1 | N/A |
| Secret-free deployments from Azure Pipelines (preview) | Pipelines | 2023 Q2 | N/A |
| Granular scopes for Azure Active Directory OAuth | General | 2023 Q2 | N/A |
| Managed Identity and Service Principal support (GA) | General | 2023 H2 | N/A |
| Secret-free deployments from Azure Pipelines (GA) | Pipelines | 2023 H2 | N/A |
| Policies to disable alternate authentication credentials | General | Future | N/A |
| Full support for Conditional Access Policies | General | Future | N/A |
Updated Boards experience
The Azure Boards user experience is being updated from the ground up. While the functionality remains the same, you can expect a more modern design, responsive reflows, improved performance, and improved accessibility.
Learn more about how to enable the New Boards Hub and provide us with feedback.
Note that most new features we are shipping in Boards are only available in the New Boards Hub. These investments include:
| Feature | Area | Timeframe | Server |
|---|---|---|---|
| Move to position | Boards | 2022 Q2 | Future |
| Adding Assigned To avatar to child items on cards | Boards | 2022 Q2 | Future |
| Move to Column and Move to Swimlane | Boards | 2022 Q1 | Future |
| Filter to work item history | Boards | 2022 Q3 | Future |
| Copy work item attachment URL | Boards | 2022 Q4 | Future |
| Maintain backlog hierarchy when filters are applied | Boards | 2022 Q4 | Future |
| Ability to change link type from Web UI | Boards | 2022 Q4 | Future |
| Swimlane colors on Kanban board | Boards | 2023 Q1 | Future |
| Swimlane rules on Kanban board | Boards | 2023 Q2 | Future |
| Markdown editor for work item comments (preview) | Boards | 2023 Q2 | Future |
| Automated team work item rules | Boards | 2023 Q3 | Future |
| Include additional fields on page filters | Boards | 2023 Q3 | Future |
Pipelines agent Node lifecycle
Azure Pipelines tasks can be authored either in Node or PowerShell, and they use the corresponding runner in the Azure Pipelines agent. Node has a regular cadence of releases, with Node 16 being the LTS and Node 18 the Current version as of October 2022. The original design of the Node task runner did not make Node version upgrades straightforward for task authors, and as a result the runner has not kept up with the latest Node releases. We've heard feedback from customers on this, and are now making a number of changes to enable Azure Pipelines agents to keep installed Node versions in sync with the Node release cadence and support lifecycle while minimizing impacts on task and pipeline authors.
As a first step, we recently released a new Node 16 task runner for the agent. Over the next few months, we plan to provide improved guidance for task authors to keep up with Node updates. Because not all tasks in the Marketplace will be continuously updated to run on the latest versions of Node, we will also provide pipeline authors the ability to continue using non-upgraded tasks. Once all these features are available, we'll remove end-of-life versions of Node from Microsoft hosted agents and self-hosted agent images.
| Feature | Area | Timeframe | Server |
|---|---|---|---|
| Node 16 runner along with other runners | Pipelines | 2022 Q3 | Future |
| Tasks can express compatibility with multiple Node runners | Pipelines | 2022 Q3 | Future |
| All in-the-box tasks run on Node 16 | Pipelines | 2023 Q2 | Future |
| Ability to run tasks on next available Node version, if targeted version is not available | Pipelines | 2023 Q2 | Future |
| Removal of Node 6 and 10 from Microsoft hosted pools | Pipelines | 2023 Q2 | Future |
| Ship a Node 16 only agent in addition to the one that has all three versions (6, 10, 16) | Pipelines | 2023 Q2 | Future |
| Ability to download and install old runners on self-hosted agents | Pipelines | 2023 Q2 | Future |
| Stop shipping Node 6 and Node 10 runners with the agent | Pipelines | 2023 Q2 | Future |
Customers prefer YAML pipelines over classic for builds (CI). However, for releases (CD), many customers have continued to use classic release management pipelines over YAML. The primary reason for this is the lack of parity in various CD features between the two solutions. Over the next year, we will invest in bridging these gaps. As a first step, we will focus on checks. Checks are the primary mechanism in YAML pipelines to gate promotion of a build from one stage to another.
| Feature | Area | Timeframe | Server |
|---|---|---|---|
| Auditing for checks | Pipelines | 2022 Q4 | Future |
| Custom variables in checks | Pipelines | 2023 Q1 | Future |
| Checks scalability | Pipelines | 2023 Q2 | Future |
| Sequencing approvals and other checks | Pipelines | 2023 Q3 | Future |
| Service connections in checks | Pipelines | 2023 Q4 | Future |
How to provide feedback
We would love to hear what you think about these features. Report any problems or suggest a feature through Developer Community.
You can also get advice and your questions answered by the community on Stack Overflow.