Limit job authorization scope to current project for classic release pipelines.

Why This Matters

Restricting job authorization to the current project scope is a key security control for classic release pipelines in Azure DevOps. Without this limit, a pipeline job could potentially access resources across multiple projects, increasing the risk of lateral movement or unauthorized access in the event of a pipeline compromise. Administrators should enforce this setting to maintain a least-privilege security posture and reduce the attack surface within their Azure DevOps organization.

What Aether365 Checks

Aether365 verifies that the job authorization scope is limited to the current project for all classic release pipelines. This check appears in your Aether365 dashboard under the microsoft-365 security checks, helping ensure your Azure DevOps environments align with security best practices.