diff --git a/.azure-pipelines/SignExtension.signproj b/.azure-pipelines/SignExtension.signproj
deleted file mode 100644
index 2207d638..00000000
--- a/.azure-pipelines/SignExtension.signproj
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="Current" Sdk="Microsoft.Build.NoTargets/3.7.56">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-  </PropertyGroup>
-  <ItemGroup>
-    <!-- FilesToSign needs to be inside $(OutDir) hence we copy it into
-    $(OutDir) before (from CWD) and move it back outside after the signing -->
-    <FilesToSign Include="$(OutDir)\extension.signature.p7s">
-      <!-- Add the certificate friendly name below -->
-      <Authenticode>VSCodePublisher</Authenticode>
-    </FilesToSign>
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="1.0.0">
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-      <PrivateAssets>all</PrivateAssets>
-    </PackageReference>
-  </ItemGroup>
-
-  <Target Name="CopySignatureFile" BeforeTargets="SignFiles">
-    <Copy SourceFiles="$(ProjectDir)\..\extension.manifest" DestinationFiles="$(OutDir)\extension.signature.p7s" />
-  </Target>
-
-  <Target Name="CopyBackSignatureFile" AfterTargets="SignFiles">
-    <Copy SourceFiles="$(OutDir)\extension.signature.p7s" DestinationFiles="$(ProjectDir)\..\extension.signature.p7s" />
-  </Target>
-</Project>
diff --git a/.azure-pipelines/compliance/CredScanSuppressions.json b/.azure-pipelines/compliance/CredScanSuppressions.json
deleted file mode 100644
index 7d951a3a..00000000
--- a/.azure-pipelines/compliance/CredScanSuppressions.json
+++ /dev/null
@@ -1,5 +0,0 @@
-// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
-{
-    "tool": "Credential Scanner",
-    "suppressions": []
-}
diff --git a/.azure-pipelines/compliance/PoliCheckExclusions.xml b/.azure-pipelines/compliance/PoliCheckExclusions.xml
deleted file mode 100644
index 564475e2..00000000
--- a/.azure-pipelines/compliance/PoliCheckExclusions.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<PoliCheckExclusions>
-    <!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
-    <!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
-    <Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
-    <!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
-    <!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
-    <!--Each of these file types will be completely skipped for the entire scan -->
-    <!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
-    <!--The specified file names will be skipped during the scan regardless which folder they are in -->
-    <Exclusion Type="FileName">NOTICE.HTML</Exclusion>
-</PoliCheckExclusions>
diff --git a/.azure-pipelines/release.yml b/.azure-pipelines/release.yml
deleted file mode 100644
index 328d9c55..00000000
--- a/.azure-pipelines/release.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-trigger: none # Only run this pipeline when manually triggered
-
-parameters:
-  - name: publishVersion
-    displayName: Version to publish
-    type: string
-  - name: dryRun
-    displayName: Dry run
-    type: boolean
-    default: false
-
-resources:
-  pipelines:
-    - pipeline: build # This must be "build"
-      source: \Azure Tools\VSCode\Extensions\vscode-containers # name of the pipeline that produces the artifacts
-  repositories:
-    - repository: azExtTemplates
-      type: github
-      name: microsoft/vscode-azuretools
-      ref: main
-      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
-
-variables:
-  # Required by MicroBuild template
-  - name: TeamName
-    value: "Container Tools Team"
-
-# Use those templates
-extends:
-  template: azure-pipelines/release-extension.yml@azExtTemplates
-  parameters:
-    publishVersion: ${{ parameters.publishVersion }}
-    dryRun: ${{ parameters.dryRun }}
-    environmentName: VSCodeDockerExtensionPublish
-    publishCommands: # Temporary for Authentication Challenges proposed API
-      - "vsce publish --azure-credential --packagePath vscode-containers-${{ parameters.publishVersion }}.vsix --manifestPath extension.manifest --signaturePath extension.signature.p7s --allow-proposed-apis authenticationChallenges"
diff --git a/.azure-pipelines/1esmain.yml b/.config/build.yml
similarity index 55%
rename from .azure-pipelines/1esmain.yml
rename to .config/build.yml
index c6648b0b..f552b141 100644
--- a/.azure-pipelines/1esmain.yml
+++ b/.config/build.yml
@@ -1,34 +1,36 @@
-# Trigger the build whenever `main` or `rel/*` is updated
-trigger:
-  - main
-  - rel/*
-
-# Disable PR trigger
-pr: none
-
-# Scheduled nightly build of `main`
-schedules:
-  - cron: "0 0 * * *"
-    displayName: Nightly scheduled build
-    always: false # Don't rebuild if there haven't been changes
-    branches:
-      include:
-        - main
-
-# `resources` specifies the location of templates to pick up, use it to get AzExt templates
-resources:
-  repositories:
-    - repository: azExtTemplates
-      type: github
-      name: microsoft/vscode-azuretools
-      ref: main
-      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
-
-variables:
-  # Required by MicroBuild template
-  - name: TeamName
-    value: "Container Tools Team"
-
-# Use those templates
-extends:
-  template: azure-pipelines/1esmain.yml@azExtTemplates
+# Trigger the build whenever `main` or `rel/*` is updated
+trigger:
+  - main
+  - rel/*
+
+# Disable PR trigger
+pr: none
+
+# Scheduled nightly build of `main`
+schedules:
+  - cron: "0 0 * * *"
+    displayName: Nightly scheduled build
+    always: false # Don't rebuild if there haven't been changes
+    branches:
+      include:
+        - main
+
+resources:
+  repositories:
+    # Use the shared templates from microsoft/vscode-azuretools
+    - repository: azExtTemplates
+      type: github
+      name: microsoft/vscode-azuretools
+      ref: bmw/pipelinesv2_2 # TODO: update to final branch
+      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
+
+variables:
+  # Pick up shared AZCode variables
+  - template: azdo-pipelines/azcode.variables.yml@azExtTemplates
+  - name: TeamName
+    value: "Container Tools Team" # Required for MicroBuild signing and telemetry
+
+extends:
+  template: azdo-pipelines/1es-mb-main.yml@azExtTemplates # Use the main build template
+  parameters:
+    testARMServiceConnection: ${{ variables.testARMServiceConnection }}
diff --git a/.config/release.yml b/.config/release.yml
new file mode 100644
index 00000000..64bd87bd
--- /dev/null
+++ b/.config/release.yml
@@ -0,0 +1,42 @@
+# Only run this pipeline when manually triggered
+trigger: none
+pr: none
+
+parameters:
+  # The version to publish--used for ensuring the expected version is published
+  - name: publishVersion
+    displayName: Version to publish
+    type: string
+  # Whether to do a dry run (i.e., not actually publish)
+  - name: dryRun
+    displayName: Dry run
+    type: boolean
+    default: false
+
+resources:
+  pipelines:
+    # Reference the build pipeline to get the artifacts
+    - pipeline: build # This must be "build"
+      source: \Azure Tools\VSCode\Extensions\vscode-containers # Name of the pipeline that produces the artifacts
+  repositories:
+    # Use the shared templates from microsoft/vscode-azuretools
+    - repository: azExtTemplates
+      type: github
+      name: microsoft/vscode-azuretools
+      ref: bmw/pipelinesv2_2 # TODO: update to final branch
+      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
+
+variables:
+  # Pick up shared AZCode variables
+  - template: azdo-pipelines/azcode.variables.yml@azExtTemplates
+  - name: TeamName
+    value: "Container Tools Team" # Required for MicroBuild signing and telemetry
+
+extends:
+  template: azdo-pipelines/1es-mb-release-extension.yml@azExtTemplates # Use the extension release template
+  parameters:
+    packageToPublish: vscode-containers
+    publishVersion: ${{ parameters.publishVersion }}
+    dryRun: ${{ parameters.dryRun }}
+    releaseServiceConnection: ${{ variables.extensionReleaseServiceConnection }}
+    releaseApprovalEnvironment: VSCodeDockerExtensionPublish
diff --git a/.azure-pipelines/compliance/tsaoptions.json b/.config/tsaoptions.json
similarity index 96%
rename from .azure-pipelines/compliance/tsaoptions.json
rename to .config/tsaoptions.json
index 9dc3dd60..82613ce4 100644
--- a/.azure-pipelines/compliance/tsaoptions.json
+++ b/.config/tsaoptions.json
@@ -1,14 +1,14 @@
-{
-    "tsaVersion": "TsaV2",
-    "codeBase": "NewOrUpdate",
-    "codeBaseName": "vscode-containers",
-    "tsaStamp": "DevDiv",
-    "notificationAliases": [
-        "DockerToolsTeam@microsoft.com"
-    ],
-    "instanceUrl": "https://devdiv.visualstudio.com",
-    "projectName": "DevDiv",
-    "areaPath": "DevDiv\\VS Azure Tools\\Container Tools",
-    "iterationPath": "DevDiv",
-    "allTools": true
-}
+{
+    "tsaVersion": "TsaV2",
+    "codeBase": "NewOrUpdate",
+    "codeBaseName": "vscode-containers",
+    "tsaStamp": "DevDiv",
+    "notificationAliases": [
+        "DockerToolsTeam@microsoft.com"
+    ],
+    "instanceUrl": "https://devdiv.visualstudio.com",
+    "projectName": "DevDiv",
+    "areaPath": "DevDiv\\VS Azure Tools\\Container Tools",
+    "iterationPath": "DevDiv",
+    "allTools": true
+}
diff --git a/.vscodeignore b/.vscodeignore
index 7f9c00cb..7bf7b7de 100644
--- a/.vscodeignore
+++ b/.vscodeignore
@@ -1,4 +1,4 @@
-.azure-pipelines/**
+.config/**
 .github/**
 .gitattributes
 .gitignore