Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft Entra ID is a separate Microsoft product with its own platform. As a leading identity and access management (IAM) provider, Microsoft Entra ID focuses on managing team members and safeguarding company resources. You can connect your Azure DevOps organization to a Microsoft Entra ID tenant, which offers many benefits to your company.
Once connected, the Microsoft Identity application platform on top of Microsoft Entra ID provides several advantages for app developers and org admins. You can register an application to access Azure tenants and define permissions needed from Azure resources, including Azure DevOps, which exists outside of the Azure tenant construct.
Microsoft Entra apps and Azure DevOps apps are separate entities with no knowledge of each other. The authentication methods differ: Microsoft Entra uses OAuth, while Azure DevOps uses its own OAuth. Microsoft Entra ID OAuth apps issue Microsoft Entra tokens, not Azure DevOps access tokens. These tokens have a standard one-hour duration before expiration.
Read the Microsoft Entra documentation thoroughly to understand the new functionality and different expectations during setup.
We support your app development with guidance for:
Personal access tokens (PATs) are popular for Azure DevOps authentication due to their ease of creation and use. However, poor PAT management and storage can lead to unauthorized access to your Azure DevOps organizations. Long-lived or over-scoped PATs increase the risk of damage from a leaked PAT.
Microsoft Entra tokens offer a secure alternative, lasting only one hour before requiring a refresh. The authentication protocols for generating Entra tokens are more robust and secure. Security measures like conditional access policies protect against token theft and replay attacks. We encourage users to explore using Microsoft Entra tokens instead of PATs. We share popular PAT use cases and ways to replace PATs with Entra tokens in this workflow.
You can also use the Azure CLI to get Microsoft Entra ID access tokens for users to call Azure DevOps REST APIs. Since Entra access tokens only last for one hour, they're ideal for quick one-off operations, like API calls that don't need a persistent token.
Sign in to the Azure CLI using the az login
command and follow the on-screen instructions.
Set the correct subscription for the signed-in user with these bash commands. Make sure the Azure subscription ID is associated with the tenant connected to the Azure DevOps organization you're trying to access. If you don't know your subscription ID, you can find it in the Azure portal.
az account set -s <subscription-id>
Generate a Microsoft Entra ID access token with the az account get-access-token
command using the Azure DevOps resource ID: 499b84ac-1321-427f-aa17-267ca6975798
.
az account get-access-token \
--resource 499b84ac-1321-427f-aa17-267ca6975798 \
--query "accessToken" \
-o tsv
For more information, see the Databricks docs.
Service principals can also use ad-hoc Microsoft Entra ID access tokens for ad-hoc operations. For more information, see Service principals and managed identities/Get a Microsoft Entra ID token with the Azure CLI.
You can also use Microsoft Entra tokens to perform Git operations. If you regularly push to git repositories, use the Git Credential Manager to easily request and manage your Microsoft Entra OAuth token credentials, as long as oauth
is set as the default credential.azReposCredentialType
.
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Learning path
Configure and govern entitlement with Microsoft Entra ID SC-5008 - Training
Use Microsoft Entra to manage access by using entitlements, access reviews, privileged access tools, and monitor access events. (SC-5008)
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.