March Patches for Azure DevOps Server

Azure DevOps Server remains a cornerstone for enterprises that require on‑premises version control, work‑item tracking, and CI/CD pipelines. Microsoft follows a regular cadence of security and reliability updates, and the March 13 2026 release—re‑published after a brief rollback—introduces Patch 2 as the latest corrective bundle. The patch is distributed through the official download portal and is signed to meet corporate compliance standards. By delivering the fix as a separate installer, Microsoft allows administrators to schedule downtime and test the update in isolated environments before rolling it out across production clusters.

The underlying issue stems from a code path introduced in the original Azure DevOps Server launch that could silently deactivate group memberships under specific conditions. Such deactivation jeopardizes access controls, potentially locking out developers, auditors, or automated build agents, and can trigger compliance violations in regulated sectors. Patch 2 directly addresses the faulty logic, restoring the intended group state and eliminating the need for the manual mitigation script that many customers deployed after the initial advisory. Organizations that applied the earlier script now only need to install Patch 2 to complete remediation.

Administrators should download Patch 2 from the Azure DevOps Server download page and run the installer during a maintenance window. After installation, the built‑in verification command `<patch-installer>.exe CheckInstall` confirms the patch’s presence, providing an audit‑ready log entry. Maintaining the latest patch level not only safeguards against the specific group‑membership bug but also ensures compatibility with upcoming feature releases and cloud‑connected extensions. As Microsoft continues to align on‑premises and Azure‑hosted services, timely patch adoption will remain a critical component of an organization’s DevOps governance strategy.