Skip to main content
Skip table of contents

Azure DevOps Authentication Changes: Global PAT and Azure Devops OAuth Deprecation

Overview

Azure is deprecating two authentication capabilities that will impact both our Classic integration and Developer Platform for Azure DevOps.

What's Changing

1. Global PAT Deprecation (Affects Azure Repos Classic Integration)

Microsoft Azure is phasing out global Personal Access Tokens, which the Classic repo integration relies on for authentication.

Key Date:

  • December 1st, 2026 – All existing global PATs will be fully decommissioned and stop working

2. Azure Devops OAuth Deprecation (Affects Developer Platform for Azure DevOps)

Microsoft is deprecating their proprietary Azure DevOps OAuth implementation in favor of Microsoft Entra ID OAuth (formerly Azure Active Directory). The Mend Developer Platform for Azure DevOps currently authenticates using the Azure DevOps OAuth flow, which is being retired.

Terminology note: To be precise, Microsoft is deprecating their own custom Azure DevOps OAuth 2.0 implementation and replacing it with the industry-standard Microsoft Entra ID OAuth 2.0. Both are technically OAuth 2.0, but Entra ID OAuth is the modern, enterprise-grade implementation going forward.

Timeline:

  • April 2025 – New Azure DevOps OAuth app registrations are no longer accepted by Microsoft

    • This does not affect Mend customers as the app already exists.

  • 2026 – Full deprecation of Azure DevOps OAuth; exact date TBD by Microsoft

Microsoft has not yet announced a specific end-of-life date beyond "2026." Mend.io will provide updates as Microsoft confirms the timeline.

Required Actions by Customer Type

Classic Integration Customers

Plan migration to Developer Platform before December 1st, 2026, when all global PATs will stop working. Take the following into account while planning the migration:

  • Mend.io is actively researching the OAuth → Entra migration impact

  • Mend.io will provide detailed guidance once our analysis is complete

  • Recommendation: Hold off migrating to the Developer Platform until Mend.io completes the OAuth → Entra migration research, otherwise another migration might be required in 2026.

Developer Platform Customers

Current Status:

  • No immediate action required

  • Your existing integration will continue to function until Microsoft deprecates Azure DevOps OAuth (sometime in 2026)

  • Mend.io is actively researching what the migration to Microsoft Entra ID OAuth will require - including whether customers will need to re-authenticate

  • Mend.io will publish detailed guidance once our analysis is complete

What to expect: Migrating from Azure DevOps OAuth to Entra ID OAuth will likely require customers to re-authorize the Mend application through a new OAuth flow. This is unavoidable, as Entra ID OAuth tokens are issued differently and cannot be silently swapped on the backend.

Notifications

Two channels will be utilized to notify Azure DevOps integration users about this breaking change:

  1. Mend.io’s Customer Success Managers and Account Managers will contact affected Classic integration customers.

  2. In-Product Notifications: Alerts will appear in checks, issues, and PRs directly in Azure DevOps.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close