diff --git a/.pipelines/onebranch/pipeline.bootstrapper.official.yml b/.pipelines/onebranch/pipeline.bootstrapper.official.yml
index 186ae4d78bb..72dc01c9f31 100644
--- a/.pipelines/onebranch/pipeline.bootstrapper.official.yml
+++ b/.pipelines/onebranch/pipeline.bootstrapper.official.yml
@@ -34,6 +34,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.bootstrapper.pullrequest.yml b/.pipelines/onebranch/pipeline.bootstrapper.pullrequest.yml
index c8db158f27a..b7825d4e42f 100644
--- a/.pipelines/onebranch/pipeline.bootstrapper.pullrequest.yml
+++ b/.pipelines/onebranch/pipeline.bootstrapper.pullrequest.yml
@@ -42,6 +42,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.buildrp.official.yml b/.pipelines/onebranch/pipeline.buildrp.official.yml
index 09f4e46d0de..17e2d23021d 100644
--- a/.pipelines/onebranch/pipeline.buildrp.official.yml
+++ b/.pipelines/onebranch/pipeline.buildrp.official.yml
@@ -37,6 +37,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml b/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml
index a1098397d13..5e64a596529 100644
--- a/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml
+++ b/.pipelines/onebranch/pipeline.buildrp.pullrequest.yml
@@ -37,6 +37,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.logging.geneva.bootstrapper.pullrequest.yml b/.pipelines/onebranch/pipeline.logging.geneva.bootstrapper.pullrequest.yml
index 9b4b06cf7f1..a6a32cd2fed 100644
--- a/.pipelines/onebranch/pipeline.logging.geneva.bootstrapper.pullrequest.yml
+++ b/.pipelines/onebranch/pipeline.logging.geneva.bootstrapper.pullrequest.yml
@@ -37,6 +37,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.logging.geneva.pullrequest.yml b/.pipelines/onebranch/pipeline.logging.geneva.pullrequest.yml
index e6541a8afb3..8fa0a38cf88 100644
--- a/.pipelines/onebranch/pipeline.logging.geneva.pullrequest.yml
+++ b/.pipelines/onebranch/pipeline.logging.geneva.pullrequest.yml
@@ -37,6 +37,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression:
diff --git a/.pipelines/onebranch/pipeline.logging.kusto.pullrequest.yml b/.pipelines/onebranch/pipeline.logging.kusto.pullrequest.yml
index 04674bb2fd1..1ba41811656 100644
--- a/.pipelines/onebranch/pipeline.logging.kusto.pullrequest.yml
+++ b/.pipelines/onebranch/pipeline.logging.kusto.pullrequest.yml
@@ -37,6 +37,9 @@ extends:
       #  enabled: true # SDL results of non-official builds aren't uploaded to TSA by default.
       # credscan:
       #   suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json
+      disableLegacyManifest: true
+      sbom:
+        enabled: true
       policheck:
         break: true # always break the build on policheck issues. You can disable it by setting to 'false'
       suppression: