At the moment, we formally closed the doorways on any new Azure DevOps OAuth app registrations.
As we put together for the end-of-life for Azure DevOps OAuth apps in 2026, we’ll start outreach to have interaction present app house owners and assist them by means of the migration course of to make use of the Microsoft Identification platform as an alternative for future app improvement with Azure DevOps. This platform, used throughout Microsoft groups, can entry the identical Azure DevOps REST APIs, with the additional advantage of ongoing common funding and extra safety controls accessible to firm admins. We’ve collected a listing of useful assets from Microsoft Entra docs to assist you on this migration effort.
We may even start repeatedly eradicating apps with secrets and techniques which have expired greater than six months in the past (180 days in the past). App house owners of those inactive apps might be knowledgeable and if there’s any additional want for the app registration between now and Azure DevOps OAuth’s end-of-life in 2026, you might be requested to rotate the app secret earlier than April 30.
Lastly, we’ll even be reaching out to app house owners of apps with long-lasting secrets and techniques. Now with our new overlapping secrets and techniques function, apps with long-lasting secrets and techniques have a downtime-free strategy to repeatedly rotate their secrets and techniques and transfer away from unnecessarily long-living secrets and techniques. We advocate all app house owners construct a secret rotation move into their app code. Not solely is that this good app safety follow, all new Azure DevOps OAuth app secrets and techniques will now default to a 60-day secret lifespan.
