www.stepsecurity.io 7/15/2026, 11:10:38 PM · external

Device Policy secures VS Code extensions with MDM and Terraform

Device Policy secures VS Code extensions with MDM and Terraform
CyberSIXT Evidence Panel Source marked as original reporting

THE article introduces Device Policy, a new feature that allows security teams to enforce a list of approved VS Code extensions across their organization using tools like Intune, Jamf, or the DMG agent. Key points include:

1. **Functionality**: Device Policy enables the definition of policies specifying which VS Code extensions are allowed or blocked, enhancing security by preventing unauthorized extensions from being installed.

2. **Building Blocks**: Policies define allowed extensions, while profiles bundle these policies for delivery to devices.

3. **Implementation**: Device Policy can be delivered through common MDM systems or directly via the DMG agent if no MDM is present.

4. **Tamper-resistance**: Once enforced, policies cannot be bypassed by developers, ensuring compliance.

5. **Terraform Integration**: Device Policy offers an integration with Terraform for managing policies as code, allowing for version control and consistent infrastructure management.

6. **Getting Started**: Users can access Device Policy through the StepSecurity dashboard and create policies based on existing extension inventories.

View full article

Article by CyberSIXT