Disable Marketplace tasks.

Why This Matters

Allowing installation of tasks from the public Marketplace introduces unverified code into your Azure DevOps pipelines. Malicious or poorly maintained tasks can expose secrets, modify pipeline behavior, or serve as a vector for supply chain attacks. Disabling Marketplace tasks reduces your attack surface and ensures only approved, internally vetted tasks are used.

What Aether365 Checks

Aether365 verifies that the Azure DevOps organization setting to disable installation of Marketplace tasks is enabled. This check appears in your Aether365 dashboard under the microsoft-365 checks category.