diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml
index 8556e1b4cc..a1babf8890 100644
--- a/.azurepipelines/MuDevOpsWrapper.yml
+++ b/.azurepipelines/MuDevOpsWrapper.yml
@@ -19,7 +19,7 @@ resources:
       type: github
       endpoint: microsoft
       name: microsoft/mu_devops
-      ref: refs/tags/v7.2.0
+      ref: refs/tags/v9.1.1
 
 parameters:
 - name: do_ci_build
@@ -42,13 +42,6 @@ parameters:
   displayName: Perform Stuart PR Evaluation
   type: boolean
   default: true
-- name: calculate_code_coverage
-  displayName: Calculate Code Coverage From Unit Tests
-  default: false
-- name: coverage_publish_target
-  displayName: Code Coverage Publish Target
-  type: string
-  default: 'ado' # 'ado', 'codecov'
 - name: container_build
   displayName: Flag for whether this repo should do stuart_setup
   type: boolean
@@ -95,8 +88,6 @@ jobs:
     do_ci_build: ${{ parameters.do_ci_build }}
     do_ci_setup: ${{ parameters.do_ci_setup }}
     do_pr_eval: ${{ parameters.do_pr_eval }}
-    calculate_code_coverage: ${{ parameters.calculate_code_coverage }}
-    coverage_publish_target: ${{ parameters.coverage_publish_target }}
     do_non_ci_setup: ${{ parameters.do_non_ci_setup }}
     do_non_ci_build: ${{ parameters.do_non_ci_build }}
     build_matrix: ${{ parameters.build_matrix }}
diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml
index 550026ee8e..e299a2d476 100644
--- a/.azurepipelines/Ubuntu-GCC5.yml
+++ b/.azurepipelines/Ubuntu-GCC5.yml
@@ -17,6 +17,7 @@
 variables:
 - group: architectures-arm-64-x86-64
 - group: tool-chain-ubuntu-gcc
+- group: coverage
 
 extends:
   template: MuDevOpsWrapper.yml
diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml
index c6abec3468..0bc7e1fd4d 100644
--- a/.azurepipelines/Windows-VS.yml
+++ b/.azurepipelines/Windows-VS.yml
@@ -17,6 +17,7 @@
 variables:
 - group: architectures-x86-64
 - group: tool-chain-windows-visual-studio-latest
+- group: coverage
 
 extends:
   template: MuDevOpsWrapper.yml
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index f136045896..fa4340652e 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -23,7 +23,11 @@ on:
 
 jobs:
   approval_check:
+
+    permissions:
+      pull-requests: write
+
     if: |
       github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v7.2.0
+    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.1
     secrets: inherit
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index dd835308cc..dc4b1fe392 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -24,7 +24,13 @@ on:
 
 jobs:
   merge_check:
+
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+
     if: |
       github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v7.2.0
+    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.1
     secrets: inherit
diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml
index 65d93fed26..f3b2367a6f 100644
--- a/.github/workflows/issue-assignment.yml
+++ b/.github/workflows/issue-assignment.yml
@@ -18,4 +18,9 @@ on:
 
 jobs:
   apply:
-    uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v7.2.0
+
+    permissions:
+      contents: read
+      issues: write
+
+    uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.1
diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml
index 739549e922..f5706cc641 100644
--- a/.github/workflows/label-issues.yml
+++ b/.github/workflows/label-issues.yml
@@ -31,4 +31,9 @@ on:
 
 jobs:
   apply:
-    uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v7.2.0
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.1
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
index 9289e064ce..c551f4022b 100644
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@@ -24,4 +24,8 @@ on:
 
 jobs:
   sync:
-    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v7.2.0
+
+    permissions:
+      issues: write
+
+    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.1
diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml
index 13ad68a915..ea405cb6a6 100644
--- a/.github/workflows/pull-request-formatting-validator.yml
+++ b/.github/workflows/pull-request-formatting-validator.yml
@@ -23,6 +23,11 @@ on:
 jobs:
   validate_pr:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
     steps:
       - run: |
           prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query='
@@ -48,7 +53,7 @@ jobs:
 
       - name: Check for Validation Errors
         if: env.VALIDATION_ERROR
-        uses: actions/github-script@v7
+        uses: actions/github-script@v6
         with:
           script: |
             core.setFailed('PR Formatting Validation Check Failed!')
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index ad79b83d8b..45c294ccd2 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -27,5 +27,10 @@ on:
 
 jobs:
   draft:
-    uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v7.2.0
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.1
     secrets: inherit
diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml
index 348f4a4ae8..eef4487f8d 100644
--- a/.github/workflows/scheduled-maintenance.yml
+++ b/.github/workflows/scheduled-maintenance.yml
@@ -24,6 +24,11 @@ on:
 jobs:
   repo_cleanup:
     runs-on: ubuntu-latest
+
+    permissions:
+      pull-requests: write
+      issues: write
+
     steps:
       - name: Get Repository Info
         run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 79087d5f79..eaa5419b17 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -24,4 +24,9 @@ on:
 
 jobs:
   check:
-    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v7.2.0
+
+    permissions:
+      issues: write
+      pull-requests: write
+
+    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.1
diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml
index 276e64b362..3d0636e84a 100644
--- a/.github/workflows/triage-issues.yml
+++ b/.github/workflows/triage-issues.yml
@@ -19,4 +19,8 @@ on:
 
 jobs:
   triage:
-    uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v7.2.0
+
+    permissions:
+      issues: write
+
+    uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.1