Spring Cleaning: A CTA for Azure DevOps OAuth Apps with expired or long-living secrets - Azure DevOps Blog
Briefly

With Azure DevOps OAuth apps being phased out by 2026, Microsoft is beginning outreach to app owners to help them migrate to the Microsoft Identity platform. This newer system enables legacy REST API access while ensuring enhanced security measures. Microsoft emphasizes the removal of apps whose secrets have been expired for more than 180 days and invites owners to rotate any necessary app secrets by April 30. Additionally, the new overlapping secrets feature allows secrets to be rotated without downtime, and developers are strongly encouraged to build secret rotation into their app code, as all new secrets will now default to a 60-day lifespan.
As we prepare for the end-of-life for Azure DevOps OAuth apps in 2026, we'll begin outreach to engage existing app owners and support them through the migration process to use the Microsoft Identity platform instead for future app development with Azure DevOps.
We've collected a list of helpful resources from Microsoft Entra docs to support you in this migration effort.
Now with our new overlapping secrets feature, apps with long-lasting secrets have a downtime-free approach to regularly rotate their secrets and move away from unnecessarily long-living secrets.
We recommend all app owners build a secret rotation flow into their app code. Not only is this good app security practice, but all new Azure DevOps OAuth app secrets will now default to a 60-day secret lifespan.
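A rotation flow of the kind recommended above can be reduced to a scheduled job that decides, from the secrets' creation and expiry dates, when to issue an overlapping secret and when to retire the old one. The sketch below is an added example, not code from the Azure DevOps post: `Secret`, `issue` and `plan_rotation` are hypothetical names, the 14-day rotation window and 2-day overlap grace period are assumptions, and the calls that actually create or revoke a secret are left out because the page does not describe them.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SECRET_LIFESPAN = timedelta(days=60)  # default lifespan stated in the post
ROTATE_BEFORE = timedelta(days=14)    # assumption: rotate this long before expiry
OVERLAP_GRACE = timedelta(days=2)     # assumption: old secret stays valid this long

@dataclass(frozen=True)
class Secret:
    secret_id: str
    created: datetime
    expires: datetime

def issue(secret_id, created):
    """Build a secret record with the 60-day default lifespan."""
    return Secret(secret_id, created, created + SECRET_LIFESPAN)

def plan_rotation(secrets, now):
    """Return the ordered (action, secret_id) steps a rotation job should take."""
    # Expired secrets are useless to the app; drop them from configuration.
    actions = [("drop_expired", s.secret_id) for s in secrets if s.expires <= now]
    live = sorted((s for s in secrets if s.expires > now), key=lambda s: s.created)
    if not live:
        # Nothing valid is left: the app is already failing, issue a secret now.
        return actions + [("create_secret", None)]
    newest = live[-1]
    # Older live secrets overlap with the newest one until every app instance
    # has had time to pick up the new value, then they are revoked.
    overlap_done = now - newest.created >= OVERLAP_GRACE
    for old in live[:-1]:
        actions.append(("revoke" if overlap_done else "keep_overlap", old.secret_id))
    actions.append(("use", newest.secret_id))
    if newest.expires - now <= ROTATE_BEFORE:
        # Close to expiry: issue the next secret while this one is still valid.
        actions.append(("create_overlapping", None))
    return actions

if __name__ == "__main__":
    # Constructed sample data: one secret issued 1 March 2025, checked on 20 April.
    s1 = issue("s1", datetime(2025, 3, 1, tzinfo=timezone.utc))
    print(plan_rotation([s1], datetime(2025, 4, 20, tzinfo=timezone.utc)))
```

Running the job daily keeps at most a short window in which two secrets are valid, and alerting on the `create_secret` branch surfaces apps whose only secret has already expired.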