Former MS:<p>Different development teams have different attestation requirements. My team did not require commits to be attested via yubikey when I was there, although I know at least one team that had that requirement.<p>It was an internal team specific requirement though and one of their own choosing (meaning they imposed it on themselves).<p>A few other things:<p>- Azure DevOps is public, you can see it or try it out here: <a href="https://azure.microsoft.com/en-us/products/devops" rel="nofollow">https://azure.microsoft.com/en-us/products/devops</a><p>- Internally at MS, stuff is dogfooded on dev / test / pre-production builds so things are broken often. Think like being on Windows Insider constantly only its even earlier in development (canary releases or other trial branches).<p>- MS doesn't require you to use a specific browser internally. IIRC the internal standards actually require internal sites to support Firefox, as there are places in the world where MS has employees where Firefox usage must be supported.