{"id":12717,"date":"2025-09-05T05:01:00","date_gmt":"2025-09-04T20:01:00","guid":{"rendered":"https:\/\/m365jp.net\/?p=12717"},"modified":"2025-09-05T05:02:04","modified_gmt":"2025-09-04T20:02:04","slug":"mc1123830-updated-microsoft-entra-action-required-c-update-conditional-access-policies-for-azure-devops-sign-ins","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-09-05-mc1123830-updated-microsoft-entra-action-required-c-update-conditional-access-policies-for-azure-devops-sign-ins","title":{"rendered":"MC1123830 | (Updated) Microsoft Entra: Action Required C Update Conditional Access Policies for Azure DevOps Sign-ins"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1123830 | (Updated) Microsoft Entra: Action Required C Update Conditional Access Policies for Azure DevOps Sign-ins<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>09\/04\/2025 19:48:11<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>07\/28\/2025 23:49:43<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>10\/27\/2025 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2025-09-04T07:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated September 4, 2025: We have updated the timeline. Thank you for your patience.<\/p>\n<p><b>Introduction<\/b><\/p>\n<p>Microsoft Entra is updating how Conditional Access (CA) policies apply to Azure DevOps sign-ins. Azure DevOps will no longer rely on the Azure Resource Manager (ARM) resource during sign-in or token refresh flows. This change ensures that access controls   are applied directly to Azure DevOps. Organizations must update their Conditional Access policies to explicitly include Azure DevOps to maintain secure access.<\/p>\n<p><b>When this will happen<br \/>  <\/b><\/p>\n<p>This change will take effect starting <b>September 2, 2025<\/b>, and will be <b>  fully enforced by September 18, 2025 <\/b>(previously September 4), across all environments.<\/p>\n<p><b>How does this affect your organization?<\/b><\/p>\n<p>If your organization has Conditional Access policies targeting the Windows Azure Service Management API (App ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013), those policies will no longer apply to Azure DevOps sign-ins. This may result in  <b>unprotected access<\/b> unless these policies are updated to include Azure DevOps (App ID: 499b84ac-1321-427f-aa17-267ca6975798).  <\/p>\n<ul>\n<li>Access controls such as MFA or compliant device requirements may not be enforced unless policies are updated.  <\/li>\n<li>If you already have a policy that targets all users and all cloud apps and does not explicitly exclude Azure DevOps, no action is required\u2015Azure DevOps sign-ins will continue to be protected.  <\/li>\n<li>This change does not introduce any new user-facing experience or UI changes.  <\/li>\n<li>Sign-in activity can be monitored using Microsoft Entra ID sign-in logs.<\/li>\n<li>Licensing requirement: Microsoft Entra ID P1 or P2 is required. There are no functional differences by license type. This is a feature change, not a new feature, so trial or preview options are not applicable.<\/li>\n<li>Unlicensed users may also be impacted.  <\/li>\n<li>Existing Conditional Access policies will be affected, specifically those targeting the Windows Azure Service Management API.  <\/li>\n<li>A small subset of tenants may see the app name as &#8220;Microsoft Visual Studio Team Services&#8221; instead of &#8220;Azure DevOps&#8221;\u2015the App ID remains the same.<\/li>\n<\/ul>\n<p>&nbsp;<b>What do you need to do to prepare?<\/b><\/p>\n<p>To ensure continued protection of Azure DevOps sign-ins, administrators should:  <\/p>\n<ul>\n<li><b>Review existing Conditional Access policies<\/b> &#8211; Identify any policies that target the Windows Azure Service Management API.  <\/li>\n<li><b>Update policies to include Azure DevOps:<\/b>\n<ul>\n<li>Go to the Entra admin center.  <\/li>\n<li>Navigate to <b>Entra ID &gt; Conditional Access &gt; Policies<\/b>.  <\/li>\n<li>Select the relevant policy.  <\/li>\n<li>Under <b>Target resources<\/b>, choose<b> Select resources<\/b> and add Azure DevOps (App ID: 499b84ac-1321-427f-aa17-267ca6975798).  <\/li>\n<li>Save the policy.<\/li>\n<\/ul>\n<\/li>\n<li><b>Use Entra ID group membership<\/b> to scope policies to specific users or groups.<\/li>\n<li><b>Monitor sign-in activity<\/b> using Entra ID sign-in logs.<\/li>\n<li><b>Review licensing requirements<\/b> &#8211; Conditional Access requires Microsoft Entra ID P1 or higher. Organizations without the required license may explore trial options.<\/li>\n<\/ul>\n<p>Learn more: <\/p>\n<ul>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/devops\/removing-azure-resource-manager-reliance-on-azure-devops-sign-ins\/\" target=\"_blank\">Removing Azure Resource Manager reliance on Azure DevOps sign-ins | Azure DevOps Blog<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/conditional-access\/overview\" target=\"_blank\">What is Conditional Access? | Conditional Access | Microsoft Entra ID | Microsoft Learn<\/a><\/li>\n<\/ul>\n<p><b>Compliance considerations<br \/>  <\/b><\/p>\n<p>No compliance considerations identified, review as appropriate for your organization.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>2025 \u5e74 9 \u6708 4 \u65e5\u66f4\u65b0: \u30bf\u30a4\u30e0\u30e9\u30a4\u30f3\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002\u304a\u5f85\u3061\u3044\u305f\u3060\u304d\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\u3002<\/p>\n<p><b>B\u4ecb<\/b><\/p>\n<p>Microsoft Entra \u3067\u306f\u3001\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9 (CA) \u30dd\u30ea\u30b7`\u304c Azure DevOps \u30b5\u30a4\u30f3\u30a4\u30f3\u306bm\u7528\u3055\u308c\u308b\u65b9\u6cd5\u3092\u66f4\u65b0\u3057\u3066\u3044\u307e\u3059\u3002Azure DevOps \u306f\u3001\u30b5\u30a4\u30f3\u30a4\u30f3\u307e\u305f\u306f\u30c8`\u30af\u30f3\u66f4\u65b0\u30d5\u30ed`\u4e2d\u306b Azure Resource Manager (ARM) \u30ea\u30bd`\u30b9\u306b\u4f9d\u5b58\u3057\u306a\u304f\u306a\u308a\u307e\u3059\u3002\u3053\u306e\u6d93\u6454\u745c\u8f8d\u4e92\u602a\u6734 Azure DevOps \u306b\u76f4\u63a5m\u7528\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002M\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3067\u4fddo\u3055\u308c\u305f\u30a2\u30af\u30bb\u30b9\u3092S\u6301\u3059\u308b\u305f\u3081\u306b\u3001Azure DevOps \u3092\u660e\u793a\u7684\u306b\u542b\u3081\u308b\u3088\u3046\u306b\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9   \u30dd\u30ea\u30b7`\u3092\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><b>\u3053\u308c\u304c\u3044\u3064\u8d77\u3053\u308b\u304b<\/b><\/p>\n<p>\u3053\u306e\u6d93 <b>2025 \u5e74 9 \u6708 2<\/b> \u65e5\u304b\u3089\u6709\u90e1\u6454\u80dc\u8f8d <b>2025 \u5e74 9 \u6708 18 \u65e5 <\/b>(\u4ee5\u524d\u306f 9 \u6708 4 \u65e5) \u307e\u3067\u306b\u3059\u3079\u3066\u306eh\u5883\u3067\u5b8c\u5168\u306bm\u7528\u3055\u308c\u307e\u3059\u3002<\/p>\n<p><b>\u3053\u308c\u306fM\u306b\u3069\u306e\u3088\u3046\u306a\u5f71\u3092\u4e0e\u3048\u307e\u3059\u304b?<\/b><\/p>\n<p>M\u306b Windows Azure Service Management API (\u30a2\u30d7\u30ea ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013) \u3092\u8c61\u3068\u3059\u308b\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9 \u30dd\u30ea\u30b7`\u304c\u3042\u308b\u9f8a\u7a00\u957f\u6b37\u6901\u8fdd\u836a\u8f9a\u73d0`\u306f Azure DevOps \u30b5\u30a4\u30f3\u30a4\u30f3\u306bm\u7528\u3055\u308c\u306a\u304f\u306a\u308a\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u3053\u308c\u3089\u306e\u30dd\u30ea\u30b7`\u304c Azure DevOps (\u30a2\u30d7\u30ea ID: 499b84ac-1321-427f-aa17-267ca6975798) \u3092\u542b\u3080\u3088\u3046\u306b\u66f4\u65b0\u3055\u308c\u306a\u3044\u9650\u308a\u3001  <b>\u4fddo\u3055\u308c\u3066\u3044\u306a\u3044\u30a2\u30af\u30bb\u30b9<\/b> \u304ck\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>MFA \u3084\u30c7\u30d0\u30a4\u30b9\u8981\u4ef6\u306a\u3069\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306f\u3001\u30dd\u30ea\u30b7`\u304c\u66f4\u65b0\u3055\u308c\u306a\u3044\u9650\u308am\u7528\u3055\u308c\u306a\u3044\u9f8a\u6089\u8f98\u84fc\u57c2<\/li>\n<li>\u3059\u3079\u3066\u306e\u30e6`\u30b6`\u3068\u3059\u3079\u3066\u306e\u30af\u30e9\u30a6\u30c9 \u30a2\u30d7\u30ea\u3092\u8c61\u3068\u3057\u3001Azure DevOps \u3092\u660e\u793a\u7684\u306b\u9664\u5916\u3057\u306a\u3044\u30dd\u30ea\u30b7`\u304c\u65e2\u306b\u3042\u308b\u9f8a\u6089\u7a00\u4f10\u7ec1\u87ad\u5ab3\u533e\u8f98\u84fc\u62a4 &#8211; Azure DevOps \u30b5\u30a4\u30f3\u30a4\u30f3\u306f\u5f15\u304dA\u304d\u4fddo\u3055\u308c\u307e\u3059\u3002<\/li>\n<li>\u3053\u306e\u6d93\u6454\u745c\u8f8d\u247f\u9647\u7b4f\u3045\u59d7`\u30b6`\u5411\u3051\u30a8\u30af\u30b9\u30da\u30ea\u30a8\u30f3\u30b9\u3084 UI \u306e\u6d93\u6bea\u4e39\u6b37\u84fc\u62a4\u87c6<\/li>\n<li>\u30b5\u30a4\u30f3\u30a4\u30f3 \u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u306f\u3001Microsoft Entra ID \u30b5\u30a4\u30f3\u30a4\u30f3 \u30ed\u30b0\u3092\u4f7f\u7528\u3057\u3066O\u3067\u304d\u307e\u3059\u3002<\/li>\n<li>\u30e9\u30a4\u30bb\u30f3\u30b9\u8981\u4ef6: Microsoft Entra ID P1 \u307e\u305f\u306f P2 \u304c\u5fc5\u8981\u3067\u3059\u3002\u30e9\u30a4\u30bb\u30f3\u30b9\u306eN\u306b\u3088\u308bC\u80fd\u306e`\u3044\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u3053\u308c\u306fC\u80fd\u306e\u6d93\u6266\u8f8d\u247fC\u80fd\u3067\u306f\u306a\u3044\u305f\u3081\u3001\u7528\u7248\u307e\u305f\u306f\u30d7\u30ec\u30d3\u30e5` \u30aa\u30d7\u30b7\u30e7\u30f3\u306fm\u7528\u3055\u308c\u307e\u305b\u3093\u3002<\/li>\n<li>\u30e9\u30a4\u30bb\u30f3\u30b9\u306e\u306a\u3044\u30e6`\u30b6`\u3082\u5f71\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/li>\n<li>\u65e2\u5b58\u306e\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9 \u30dd\u30ea\u30b7` (\u7279\u306b Windows Azure \u30b5`\u30d3\u30b9\u7ba1\u7406 API \u3092\u8c61\u3068\u3059\u308b\u30dd\u30ea\u30b7`) \u304c\u5f71\u3092\u53d7\u3051\u307e\u3059\u3002<\/li>\n<li>\u30c6\u30ca\u30f3\u30c8\u306e\u5c0f\u3055\u306a\u30b5\u30d6\u30bb\u30c3\u30c8\u3067\u306f\u3001\u30a2\u30d7\u30ea\u540d\u304c &#8220;Azure DevOps&#8221; \u3067\u306f\u306a\u304f &#8220;Microsoft Visual Studio Team Services&#8221; \u3068\u3057\u3066\u8868\u793a\u3055\u308c\u308b\u9f8a\u6089\u8f98\u84fc\u5de5\u6293 ID \u306f\u540c\u3058\u307e\u307e\u3067\u3059\u3002<\/li>\n<\/ul>\n<p>&nbsp;<b>\u6d43\u5de5\u6bea\u6454\u867e\u97e6\u988f\u5de5\u6c21\u533e\u8f98\u84fc\u5de5?<\/b><\/p>\n<p>Azure DevOps <a href=\"mailto:\u30b5\u30a4\u30f3\u30a4\u30f3\u3092@A\u7684\u306b\u4fddo\u3059\u308b\u306b\u306f\u3001\u7ba1\u7406\u8005\u306f\u6b21\u306e\u3053\u3068\u3092\u884c\u3046\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\" >\u30b5\u30a4\u30f3\u30a4\u30f3\u3092@A\u7684\u306b\u4fddo\u3059\u308b\u306b\u306f\u3001\u7ba1\u7406\u8005\u306f\u6b21\u306e\u3053\u3068\u3092\u884c\u3046\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/a><\/p>\n<ul>\n<li><b>\u65e2\u5b58\u306e\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9 \u30dd\u30ea\u30b7`\u3092_J\u3059\u308b<\/b> &#8211; Windows Azure \u30b5`\u30d3\u30b9\u7ba1\u7406 API \u3092\u8c61\u3068\u3059\u308b\u30dd\u30ea\u30b7`\u3092\u7279\u5b9a\u3057\u307e\u3059\u3002<\/li>\n<li><b>Azure DevOps \u3092\u542b\u3081\u308b\u3088\u3046\u306b\u30dd\u30ea\u30b7`\u3092\u66f4\u65b0\u3057\u307e\u3059\u3002<\/b>\n<ul>\n<li>Entra \u7ba1\u7406\u30bb\u30f3\u30bf`\u306b\u79fb\u5a74\u7b4f\u84fc\u57c2<\/li>\n<li>[ <b>Entra ID] &gt; [\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9&gt; \u30dd\u30ea\u30b7`<\/b>] \u306b\u79fb\u5a74\u7b4f\u84fc\u57c2<\/li>\n<li>vB\u3059\u308b\u30dd\u30ea\u30b7`\u3092xk\u3057\u307e\u3059\u3002<\/li>\n<li><b>[\u30bf`\u30b2\u30c3\u30c8 \u30ea\u30bd`\u30b9]<\/b> \u3067\u3001[<b>\u30ea\u30bd`\u30b9\u306exk<\/b>] \u3092xk\u3057\u3001Azure DevOps (\u30a2\u30d7\u30ea ID: 499b84ac-1321-427f-aa17-267ca6975798) \u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/li>\n<li>\u30dd\u30ea\u30b7`\u3092\u4fdd\u5b58\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<\/li>\n<li><b>Entra ID \u30b0\u30eb`\u30d7\u30e1\u30f3\u30d0`\u30b7\u30c3\u30d7\u3092\u4f7f\u7528\u3057\u3066<\/b> \u3001\u30dd\u30ea\u30b7`\u3092\u7279\u5b9a\u306e\u30e6`\u30b6`\u307e\u305f\u306f\u30b0\u30eb`\u30d7\u306b\u30b9\u30b3`\u30d7\u3057\u307e\u3059\u3002<\/li>\n<li>Entra ID \u30b5\u30a4\u30f3\u30a4\u30f3 <b>\u30ed\u30b0\u3092\u4f7f\u7528\u3057\u3066\u30b5\u30a4\u30f3\u30a4\u30f3 \u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3\u3092O<\/b>\u3057\u307e\u3059\u3002<\/li>\n<li><b>\u30e9\u30a4\u30bb\u30f3\u30b9\u8981\u4ef6\u3092_J\u3059\u308b<\/b> &#8211; \u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u306b\u306f\u3001Microsoft Entra ID P1 \u4ee5\u964d\u304c\u5fc5\u8981\u3067\u3059\u3002\u5fc5\u8981\u306a\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u304a\u6301\u3061\u3067\u306a\u3044M\u306f\u3001\u7528\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u89c6\u3067\u304d\u307e\u3059\u3002<\/li>\n<\/ul>\n<p>\u60c5\u8785 <\/p>\n<ul>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/devops\/removing-azure-resource-manager-reliance-on-azure-devops-sign-ins\/\" target=\"_blank\">Azure DevOps \u30b5\u30a4\u30f3\u30a4\u30f3\u3078\u306e Azure Resource Manager \u4f9d\u5b58\u306e\u524a\u9664 |Azure DevOps \u30d6\u30ed\u30b0<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/conditional-access\/overview\" target=\"_blank\">\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9\u3068\u306f |\u6761\u4ef6\u4ed8\u304d\u30a2\u30af\u30bb\u30b9 |Microsoft Entra ID |Microsoft Learn<\/a><\/li>\n<\/ul>\n<p><b>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306bv\u3059\u308b\u8003]\u4e8b<\/b><\/p>\n<p>\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306bv\u3059\u308b\u8003]\u4e8b\u304c\u7279\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u9f8a\u6089\u7a00\u2494M\u306b\u3058\u3066_J\u3057\u307e\u3059\u3002<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1123830 | (Updated) Microsoft Entra: Action Required C Update Conditional Access Policies for Azure DevOps S [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12717","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12717"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12717\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}