{"id":3037,"date":"2025-12-12T14:15:06","date_gmt":"2025-12-12T14:15:06","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2025\/12\/12\/retirement-of-global-personal-access-tokens-in-azure-devops\/"},"modified":"2025-12-12T14:15:06","modified_gmt":"2025-12-12T14:15:06","slug":"retirement-of-global-personal-access-tokens-in-azure-devops","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2025\/12\/12\/retirement-of-global-personal-access-tokens-in-azure-devops\/","title":{"rendered":"Retirement of Global Personal Access Tokens in Azure DevOps"},"content":{"rendered":"

In the new year, we\u2019ll be retiring the Global Personal Access Token (PAT) type<\/strong> in Azure DevOps.<\/p>\n

Global PATs allow users to authenticate across all accessible organizations. While this can feel convenient, a single credential with broad reach creates a concentrated security risk \u2014 especially as a user\u2019s access footprint grows. This level of privilege becomes an attractive target for bad actors, making global tokens unsuitable for today\u2019s security\u2011conscious environments.<\/p>\n

\"global<\/a><\/p>\n

Setting clear boundaries around high\u2011impact credentials is one of the most effective ways to prevent large\u2011scale breaches. As part of Microsoft\u2019s broader security strategy, we are moving away from global, full\u2011scoped PATs and enforcing organizational\u2011level policies that limit token power. We strongly recommend transitioning to short\u2011lived, Microsoft Entra\u2013backed authentication<\/strong>, which offers modern protections such as improved token governance, stronger identity controls, and reduced risk of credential exposure.<\/p>\n

These changes reflect real\u2011world learnings that we have already applied to improve the security posture across Microsoft and many Azure DevOps customers.<\/p>\n

Key Dates<\/h3>\n