Pipeline emails from AzureDevOps@microsoft.com links removed

Question

Pipeline emails from AzureDevOps@microsoft.com links removed

Yvonne 30

Pipeline emails from AzureDevOps@microsoft.com links removed. Have anyone run into this issue and what did you do to fix it?

We have done extensive tracing with Microsoft support and Cisco, since we have Cisco email security. We DO NOT have any policies in place. No EAC rules or Defender policies.

This is what we are getting in the email of the body:

Provide N/A with the key vault secret id [link removed] and direct them to the [link removed]1 script to retrieve the application information.

Pravallika KV 13,545 Reputation points Microsoft External Staff Moderator

2026-03-19T19:14:47.2233333+00:00
Hi @Yvonne

Thanks for reaching out to Microsoft Q&A.

When something like that happens, it almost always comes down to an intermediary (your Cisco Email Security gateway, Exchange, an ATP/Safe‐Links policy, etc.) sanitizing or dropping HTML <a> tags.

Here’s a quick sanity check and some things to try on the Cisco side:

Send the same pipeline‐failure or success notification to an external mail account (Gmail, Outlook.com, etc.) that doesn’t go through your Cisco appliance. Do the links survive?

On your Cisco Email Security appliance/service, search the message logs for that message ID and look for any “URL removal” or “HTML sanitization” actions.

Verify you don’t have a “Strip HTML tags” or “Remove URLs” content filter enabled, even by accident or inherited from a global policy.

Check whether Azure DevOps is sending the notifications as HTML (it usually does). If it somehow fell back to plain-text, links wouldn’t be clickable anyway.

If you’re also using Microsoft ATP Safe Links or a similar Office 365 feature in parallel, try disabling it for a test user to see if it’s causing the issue.

Hope this helps!
Yvonne 30 Reputation points

2026-03-19T19:27:21.64+00:00

We have went through extensive tracing with Cisco and also with Microsoft and we have also determined that there are no transport rules or policies in Defender.
Pravallika KV 13,545 Reputation points Microsoft External Staff Moderator

2026-03-24T00:05:52.0533333+00:00

Hi @Yvonne , Following up to see if the provided information was helpful. If you have any further queries do let us know.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

2 answers

Your answer

Pravallika KV 13,545 Reputation points Microsoft External Staff Moderator

2026-03-19T19:14:47.2233333+00:00

Hi @Yvonne

Thanks for reaching out to Microsoft Q&A.

When something like that happens, it almost always comes down to an intermediary (your Cisco Email Security gateway, Exchange, an ATP/Safe‐Links policy, etc.) sanitizing or dropping HTML <a> tags.

Here’s a quick sanity check and some things to try on the Cisco side:

Send the same pipeline‐failure or success notification to an external mail account (Gmail, Outlook.com, etc.) that doesn’t go through your Cisco appliance. Do the links survive?

On your Cisco Email Security appliance/service, search the message logs for that message ID and look for any “URL removal” or “HTML sanitization” actions.

Verify you don’t have a “Strip HTML tags” or “Remove URLs” content filter enabled, even by accident or inherited from a global policy.

Check whether Azure DevOps is sending the notifications as HTML (it usually does). If it somehow fell back to plain-text, links wouldn’t be clickable anyway.

If you’re also using Microsoft ATP Safe Links or a similar Office 365 feature in parallel, try disabling it for a test user to see if it’s causing the issue.

Hope this helps!
Yvonne 30 Reputation points

2026-03-19T19:27:21.64+00:00

We have went through extensive tracing with Cisco and also with Microsoft and we have also determined that there are no transport rules or policies in Defender.
Pravallika KV 13,545 Reputation points Microsoft External Staff Moderator

2026-03-24T00:05:52.0533333+00:00

Hi @Yvonne , Following up to see if the provided information was helpful. If you have any further queries do let us know.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

Pravallika KV 13,545 Microsoft External Staff Moderator

Hi @Yvonne ,

Thanks for reaching out to Microsoft Q&A.

The links are being removed because Azure DevOps automatically masks secrets or sensitive information in emails. Any URL containing a Key Vault secret ID or other secret variable will be replaced with [link removed] by design. To include links safely, you need to reference non-secret variables or indirect URLs that don’t expose sensitive data.

Hope this helps!

If the resolution was helpful, kindly take a moment to click on User's image and click on Yes for was this answer helpful. And, if you have any further query do let us know.

Pravallika KV 13,545 Reputation points Microsoft External Staff Moderator

2026-03-25T00:02:34.1133333+00:00

Hi @Yvonne ,Following up to see if the provided answer was helpful. If this answers your query, do click Accept Answer =>Yes, and upvote it. If you have any further queries do let us know.

Answer 2

Azure DevOps notification emails can be modified or filtered by systems between Azure DevOps and the mailbox, including group subscriptions and organization-level notification settings. When links or content are missing in pipeline emails, the primary supported checks are:

Verify how the email is being generated and who it is sent to
- Check whether the email is coming from a team/organization subscription or an individual subscription. If it is a group or team subscription, the subscription owner might have changed the template or scope.
- Inspect the To: line of the email to confirm whether it is being sent to a group address of which the affected mailbox is a member.
Inspect the subscription that generated the email
- At the bottom (footer) of Azure DevOps notification emails there is a link to view the subscription that triggered the email.
- Open that link and review the subscription configuration (event type, filters, and delivery settings). If it is an organization or team subscription, opt out or adjust it as needed.
Check for permission-based filtering
- Azure DevOps filters notification recipients based on permissions to the underlying artifacts (for example, pipelines, work items, or other resources referenced in the email).
- If the creator or last modifier of the subscription has lost permissions to the project, Azure DevOps can silently stop or alter notifications. Verify that the subscription creator and any users with subscription-level access still have valid permissions in the project.
- Use notification delivery logs to see how the email was generated and whether any filtering occurred. For details, see the guidance on enabling subscription logging.
If the problem persists
- If none of the above explains the missing links or altered content, engage Azure DevOps customer support with examples of affected messages, including headers and the subscription details from the email footer.

These steps focus on confirming that the issue is not caused by Azure DevOps notification configuration or permission-based filtering before continuing to work with the email security vendor.

References:

Share via

Pipeline emails from AzureDevOps@microsoft.com links removed

2 answers

Your answer