diff --git a/.github/actions/submodule-release-updater/action.yml b/.github/actions/submodule-release-updater/action.yml
index 8641094d..0cabd4db 100644
--- a/.github/actions/submodule-release-updater/action.yml
+++ b/.github/actions/submodule-release-updater/action.yml
@@ -1,9 +1,19 @@
 # A GitHub action to create pull requests for new releases of submodules in a repository.
 #
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+#       instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
 # Copyright (c) Microsoft Corporation.
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 
+# NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
+#       Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
+#       to allow it to pass through Nunjucks processing.
+
 name: 'Submodule Release Updater'
 
 description: 'Checks if new releases are available for submodules and creates pull requests to update them.'
@@ -423,3 +433,4 @@ runs:
 
         with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
             print(f'submodule-update-count={submodule_update_count}', file=fh)
+
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index 4c5bc6e3..1f4e5ea1 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -29,5 +29,5 @@ jobs:
 
     if: |
       github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v12.0.2
+    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v12.2.0
     secrets: inherit
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index 4540ef8a..c1b3184f 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -32,5 +32,5 @@ jobs:
 
     if: |
       github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v12.0.2
+    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v12.2.0
     secrets: inherit
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
index 3f9599c4..06c30d31 100644
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@@ -28,4 +28,4 @@ jobs:
     permissions:
       issues: write
 
-    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v12.0.2
+    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v12.2.0
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index 65666635..269a0867 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -32,5 +32,5 @@ jobs:
       contents: write
       pull-requests: write
 
-    uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v12.0.2
+    uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v12.2.0
     secrets: inherit
diff --git a/.github/workflows/stale-leaf.yml b/.github/workflows/stale-leaf.yml
index b4b9fb86..f155bf8b 100644
--- a/.github/workflows/stale-leaf.yml
+++ b/.github/workflows/stale-leaf.yml
@@ -29,4 +29,4 @@ jobs:
       issues: write
       pull-requests: write
 
-    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v12.0.2
+    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v12.2.0
diff --git a/Containers/Ubuntu-22/Dockerfile b/Containers/Ubuntu-22/Dockerfile
index 5a0de86d..f0da81f7 100644
--- a/Containers/Ubuntu-22/Dockerfile
+++ b/Containers/Ubuntu-22/Dockerfile
@@ -11,6 +11,10 @@
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 
+# NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
+#       Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
+#       to allow it to pass through Nunjucks processing.
+
 #
 # The build container layer is intended for pipeline use and is the minimal set
 # of tools required for building Project MU.
@@ -42,6 +46,8 @@ RUN apt-get update && \
         curl \
         flex \
         git \
+        gnupg \
+        gnupg2 \
         lcov \
         jq \
         m4 \
@@ -49,16 +55,20 @@ RUN apt-get update && \
         mono-complete \
         nasm \
         npm \
-        python3 \
-        python3-pip \
-        python3-venv \
         software-properties-common \
         sudo \
         unzip \
         uuid-dev \
         wget \
         && \
+    apt-get update && \
+    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys F23C5A6CF475977595C89F51BA6932366A755776 && \
+    add-apt-repository ppa:deadsnakes/ppa -y && \
+    apt-get update && \
     apt-get install --yes --no-install-recommends \
+        python3.12 \
+        python3.12-distutils \
+        python3.12-venv \
         g++-${GCC_MAJOR_VERSION} gcc-${GCC_MAJOR_VERSION} \
         gcc-${GCC_MAJOR_VERSION}-x86-64-linux-gnux32 \
         gcc-${GCC_MAJOR_VERSION}-aarch64-linux-gnu \
@@ -66,6 +76,10 @@ RUN apt-get update && \
         gcc-${GCC_MAJOR_VERSION}-arm-linux-gnueabi \
         gcc-${GCC_MAJOR_VERSION}-arm-linux-gnueabihf \
         && \
+    curl -O https://bootstrap.pypa.io/get-pip.py && \
+    python3.12 get-pip.py && \
+    python3.12 -m pip install --upgrade setuptools && \
+    rm get-pip.py && \
     apt-get upgrade -y && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
@@ -129,10 +143,11 @@ RUN mkdir cargo_downloads && \
 # Alternatives
 #
 
+
 RUN update-alternatives \
-      --install /usr/bin/python python /usr/bin/python3.10 1 && \
+      --install /usr/bin/python python /usr/bin/python3.12 1 && \
     update-alternatives \
-      --install /usr/bin/python3 python3 /usr/bin/python3.10 1 && \
+      --install /usr/bin/python3 python3 /usr/bin/python3.12 1 && \
     update-alternatives \
       --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_MAJOR_VERSION} 100 \
       --slave /usr/bin/g++ g++ /usr/bin/g++-${GCC_MAJOR_VERSION} \
@@ -213,3 +228,4 @@ RUN apt-get update && \
         less \
         && \
     apt-get clean
+
diff --git a/Steps/SetupPythonPreReqs.yml b/Steps/SetupPythonPreReqs.yml
index 6487b471..37bd6561 100644
--- a/Steps/SetupPythonPreReqs.yml
+++ b/Steps/SetupPythonPreReqs.yml
@@ -1,10 +1,20 @@
 ## @file
 # Azure Pipelines step to setup Python pre-requisites.
 #
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+#       instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
 
+# NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
+#       Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
+#       to allow it to pass through Nunjucks processing.
+
 parameters:
 - name: install_pip_modules
   displayName: Install PIP Modules
@@ -24,7 +34,7 @@ steps:
 - ${{ if eq(parameters.install_python, true) }}:
   - task: UsePythonVersion@0
     inputs:
-      versionSpec: "3.12"
+      versionSpec: 3.12
       architecture: x64
 
 - ${{ if eq(parameters.install_pip_modules, true) }}: