Share via

Azure DevOps org doesn't get linked into Defender for Cloud via devops connector ( yes - i've followed all instructions + troubleshooting steps)

Mihai 20 Reputation points
2025-06-04T19:24:28.4266667+00:00

Hi,

It seems that I've run into the issue where the Azure DevOps org doesn't get linked back into the Defender for Cloud:

  • i checked all the pre-requisites on both sides of the setup - Azure DevOps and Defender for Cloud
  • both apps show the correct tenant + subscriptions
  • checked and validated permissions on both apps for the user
  • Azure DevOps policies have 3rd party OAuth enabled
  • checked FAQs, troubleshooting guides and the existing Q&As
  • pipeline run succesfully and artifact published with msdo.sarif showing published

Everything seeme to be in the right place it's just that Defender for cloud doesn't get the security scans results and the connector shows on empty list for existing azure devops orgs.

Any ideas are greatly appreciated.

Thank you,

Mihai

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
0 comments
Accepted answer
  1. Jose Benjamin Solis Nolasco 3,431 Reputation points
    2025-06-04T20:04:45.71+00:00

    Hello Mihai. I hope you are doing well,

    Did you try to redeploy it? Please follow this guide and this check list may help you...

    (Official Documentation) https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-devops

    1. Same Azure Tenant Ensure Azure DevOps org and Azure subscription are in the same tenant. If not, Defender for Cloud won't detect the org correctly.
    2. Required Permissions
      • You must be a Project Collection Administrator in Azure DevOps.
      • You must have Contributor and preferably Security Admin roles in Azure for the subscription where Defender for Cloud is enabled.
    3. Third-party OAuth Access
      • Confirm that third-party OAuth access is enabled in the Azure DevOps organization under Organization settings > Policies.
    4. Avoid Preview Portals
      • Make sure you're using the standard Azure portal, not a preview or private version.
    5. Correct Account During Authorization
      • During the DevOps connector setup in Defender for Cloud, ensure you are logged into the correct Azure DevOps account and tenant when authorizing access.
    6. Install Required Extensions in Azure DevOps
      • Microsoft Security DevOps (msdo) extension
      • SARIF SAST Scans Tab extension These are necessary to export SARIF scan results and view them in Defender for Cloud.

    {B5DC53CD-C048-47AF-922A-869082286318}

    If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Mihai 20 Reputation points
    2025-06-04T20:39:31.81+00:00

    @Jose Benjamin Solis Nolasco - Thank you for your comment on - "During the DevOps connector setup in Defender for Cloud, ensure you are logged into the correct Azure DevOps account and tenant when authorizing access."

    I was using the correct account and tenant on both ends ... it is just that I used two separate browser windows running in Incognito mode. Deleted connector and recreated it using the same steps but using the same "normal" browser window and all is good.

    Definetely interesting and I will dig into it a little bit deeper, not sure I understand the whys behind the different behaviour of the portal.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.