(Organization) Disallow extensions from accessing resources on the local network.

Why This Matters

Attackers can exploit malicious or compromised Azure DevOps extensions to pivot from your build pipeline into internal corporate resources. Disallowing extensions from accessing the local network prevents lateral movement and data exfiltration through your CI/CD environment. Without this restriction, an extension with network access could reach internal services, databases, or other sensitive systems.

What Aether365 Checks

This check verifies that your Azure DevOps organization policy prevents extensions from making requests to local network resources. It appears in the Aether365 dashboard under microsoft-365 checks.