diff --git a/.azure-pipelines/compliance/CredScanSuppressions.json b/.azure-pipelines/compliance/CredScanSuppressions.json
deleted file mode 100644
index a04c7ae3..00000000
--- a/.azure-pipelines/compliance/CredScanSuppressions.json
+++ /dev/null
@@ -1,10 +0,0 @@
-// More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/cred-bot-trinity/credential-risk-exposure-defense/troubleshoot_guides/local-suppressions
-{
-    "tool": "Credential Scanner",
-    "suppressions": [
-        {
-            "hash": "w/yYaqoTFu/NCkKHDlTys3CUaiD1oUfPeYtWpI04Bws=",
-            "_justification": "This code is adding an auth header to a request, it is not a secret."
-        }
-    ]
-}
diff --git a/.azure-pipelines/compliance/PoliCheckExclusions.xml b/.azure-pipelines/compliance/PoliCheckExclusions.xml
deleted file mode 100644
index 564475e2..00000000
--- a/.azure-pipelines/compliance/PoliCheckExclusions.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<PoliCheckExclusions>
-    <!-- More info at https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/sdl-azdo-extension/policheck-build-task#excluding-files-or-folders-from-the-policheck-scan -->
-    <!--Each of these exclusions is a folder name -if \[name]\exists in the file path, it will be skipped -->
-    <Exclusion Type="FolderPathFull">NODE_MODULES|BACKUPTEMPLATES|.VSCODE-TEST|DIST</Exclusion>
-    <!--Each of these exclusions is a folder name -if any folder or file starts with "\[name]", it will be skipped -->
-    <!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
-    <!--Each of these file types will be completely skipped for the entire scan -->
-    <!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
-    <!--The specified file names will be skipped during the scan regardless which folder they are in -->
-    <Exclusion Type="FileName">NOTICE.HTML</Exclusion>
-</PoliCheckExclusions>
diff --git a/.azure-pipelines/release-npm.yml b/.azure-pipelines/release-npm.yml
deleted file mode 100644
index d3c2a735..00000000
--- a/.azure-pipelines/release-npm.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-trigger: none # Disable the branch trigger
-pr: none # Disable PR trigger
-
-# Choose a package to publish at the time of job creation
-parameters:
-  - name: packageToPublish
-    displayName: Package to Publish
-    type: string
-    values:
-      - microsoft-vscode-processutils
-      - microsoft-vscode-container-client
-      - microsoft-vscode-docker-registries
-      - microsoft-vscode-inproc-mcp
-  - name: publishVersion
-    displayName: Publish Version
-    type: string
-  - name: dryRun
-    displayName: Dry Run
-    type: boolean
-    default: false
-
-# Grab the base templates from https://github.com/microsoft/vscode-azuretools/tree/main/azure-pipelines
-resources:
-  repositories:
-    - repository: templates
-      type: github
-      name: microsoft/vscode-azuretools
-      ref: main
-      endpoint: GitHub-AzureTools
-  pipelines:
-    - pipeline: build # This must be "build"
-      source: \Azure Tools\VSCode\Packages\vscode-docker-extensibility # name of the pipeline that produces the artifacts
-
-# Use those base templates
-extends:
-  template: azure-pipelines/1es-release-npm.yml@templates
-  parameters:
-    packageToPublish: ${{ parameters.packageToPublish }}
-    publishVersion: ${{ parameters.publishVersion }}
-    dryRun: ${{ parameters.dryRun }}
-    OwnerAlias: "devinb"
-    ApproverAlias: "bwater"
diff --git a/.azure-pipelines/1esmain.yml b/.config/build.yml
similarity index 65%
rename from .azure-pipelines/1esmain.yml
rename to .config/build.yml
index c8554075..b89af2a8 100644
--- a/.azure-pipelines/1esmain.yml
+++ b/.config/build.yml
@@ -1,36 +1,34 @@
-# Trigger the build whenever `main` or `rel/*` is updated
-trigger:
-  - main
-  - rel/*
-
-# Disable PR trigger
-pr: none
-
-# Scheduled nightly build of `main`
-schedules:
-  - cron: "0 0 * * *"
-    displayName: Nightly scheduled build
-    always: false # Don't rebuild if there haven't been changes
-    branches:
-      include:
-        - main
-
-# `resources` specifies the location of templates to pick up, use it to get AzExt templates
-resources:
-  repositories:
-    - repository: azExtTemplates
-      type: github
-      name: microsoft/vscode-azuretools
-      ref: main
-      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
-
-variables:
-  # Required by MicroBuild template
-  - name: TeamName
-    value: "Container Tools Team"
-
-# Use those templates
-extends:
-  template: azure-pipelines/1esmain.yml@azExtTemplates
-  parameters:
-    enableSigning: false
+# Trigger the build whenever `main` or `rel/*` is updated
+trigger:
+  - main
+  - rel/*
+
+# Disable PR trigger
+pr: none
+
+# Scheduled nightly build of `main`
+schedules:
+  - cron: "0 0 * * *"
+    displayName: Nightly scheduled build
+    always: false # Don't rebuild if there haven't been changes
+    branches:
+      include:
+        - main
+
+resources:
+  repositories:
+    # Use the shared templates from microsoft/vscode-azuretools
+    - repository: azExtTemplates
+      type: github
+      name: microsoft/vscode-azuretools
+      ref: bmw/pipelinesv2_2 # TODO: update to final branch
+      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
+
+variables:
+  - name: TeamName
+    value: "Container Tools Team" # Required for MicroBuild signing and telemetry
+
+extends:
+  template: azdo-pipelines/1es-mb-main.yml@azExtTemplates # Use the main build template
+  parameters:
+    signType: none
diff --git a/.config/release.yml b/.config/release.yml
new file mode 100644
index 00000000..2c3e5449
--- /dev/null
+++ b/.config/release.yml
@@ -0,0 +1,53 @@
+# Only run this pipeline when manually triggered
+trigger: none
+pr: none
+
+parameters:
+  # Choose a package to publish at the time of job creation
+  - name: packageToPublish
+    displayName: Package to publish
+    type: string
+    values:
+      - microsoft-vscode-processutils
+      - microsoft-vscode-container-client
+      - microsoft-vscode-docker-registries
+      - microsoft-vscode-inproc-mcp
+  # The version to publish--used for ensuring the expected version is published
+  - name: publishVersion
+    displayName: Version to publish
+    type: string
+  # Whether to do a dry run (i.e., not actually publish)
+  - name: dryRun
+    displayName: Dry run
+    type: boolean
+    default: false
+
+resources:
+  pipelines:
+    # Reference the build pipeline to get the artifacts
+    - pipeline: build # This must be "build"
+      source: \Azure Tools\VSCode\Packages\vscode-docker-extensibility # Name of the pipeline that produces the artifacts
+  repositories:
+    # Use the shared templates from microsoft/vscode-azuretools
+    - repository: azExtTemplates
+      type: github
+      name: microsoft/vscode-azuretools
+      ref: bmw/pipelinesv2_2 # TODO: update to final branch
+      endpoint: GitHub-AzureTools # The service connection to use when accessing this repository
+
+variables:
+  # Pick up shared AZCode variables
+  - template: azdo-pipelines/azcode.variables.yml@azExtTemplates
+  - name: TeamName
+    value: "Container Tools Team" # Required for MicroBuild signing and telemetry
+
+extends:
+  template: azdo-pipelines/1es-mb-release-npm.yml@azExtTemplates # Use the NPM release template
+  parameters:
+    packageToPublish: ${{ parameters.packageToPublish }}
+    publishVersion: ${{ parameters.publishVersion }}
+    dryRun: ${{ parameters.dryRun }}
+    ownerAliases: ${{ variables.npmReleaseOwnerAliases }}
+    approverAliases: ${{ variables.npmReleaseApproverAliases }}
+    gitHubServiceConnection: ${{ variables.gitHubServiceConnection }}
+    releaseApprovalEnvironment: VSCodeDockerExtensionPublish
diff --git a/.azure-pipelines/compliance/tsaoptions.json b/.config/tsaoptions.json
similarity index 96%
rename from .azure-pipelines/compliance/tsaoptions.json
rename to .config/tsaoptions.json
index 30552aa5..c3df8067 100644
--- a/.azure-pipelines/compliance/tsaoptions.json
+++ b/.config/tsaoptions.json
@@ -1,14 +1,14 @@
-{
-    "tsaVersion": "TsaV2",
-    "codeBase": "NewOrUpdate",
-    "codeBaseName": "vscode-docker-extensibility",
-    "tsaStamp": "DevDiv",
-    "notificationAliases": [
-        "DockerToolsTeam@microsoft.com"
-    ],
-    "instanceUrl": "https://devdiv.visualstudio.com",
-    "projectName": "DevDiv",
-    "areaPath": "DevDiv\\VS Azure Tools\\Container Tools",
-    "iterationPath": "DevDiv",
-    "allTools": true
-}
+{
+    "tsaVersion": "TsaV2",
+    "codeBase": "NewOrUpdate",
+    "codeBaseName": "vscode-docker-extensibility",
+    "tsaStamp": "DevDiv",
+    "notificationAliases": [
+        "DockerToolsTeam@microsoft.com"
+    ],
+    "instanceUrl": "https://devdiv.visualstudio.com",
+    "projectName": "DevDiv",
+    "areaPath": "DevDiv\\VS Azure Tools\\Container Tools",
+    "iterationPath": "DevDiv",
+    "allTools": true
+}