Starting July 28, 2025, Azure DevOps will no longer require Azure Resource Manager (ARM) (https://management.azure.com) when you sign in or refresh access tokens.

Previously, Azure DevOps needed ARM permissions during login, meaning admins had to exempt DevOps users from ARM-based Conditional Access (CA) policies—even if they wanted to restrict ARM access.

Now, Azure DevOps uses its own token system, so you can create dedicated CA policies just for DevOps without worrying about ARM restrictions.

Does This Affect You?

If you’ve set up a Conditional Access policy for any of these services:

• Azure Resource Manager (ARM)
• Azure Portal (including Microsoft Entra admin center)
• Azure Data Lake
• Application Insights API
• Log Analytics API

…then your policy no longer applies to Azure DevOps sign-ins. You’ll need a new DevOps-specific CA policy to keep the same level of control.

How to Set Up a Conditional Access Policy for Azure DevOps

As an admin, you can now create a policy that blocks or grants access to Azure DevOps based on:

• IP addresses
• User groups
• Device compliance
• Multi-factor authentication (MFA)

Steps to Create the Policy:

1. Go to the Azure Portal → Microsoft Entra Conditional Access.
2. Click Policies → + New Policy.
3. Name your policy and configure settings (e.g., require MFA).
4. Under Target resources, toggle "Select resources" and add:
• Microsoft Visual Studio Team Services (ID: 499b84ac-1321-427f-aa17-267ca6975798)
5. Save the policy.

Exceptions: Who Still Needs ARM Access?

Some Azure DevOps users still rely on ARM for:

• Billing admins (managing subscriptions & payments)
• Service Connection creators (setting up role assignments & managed identities)

If these users are in your org, consider excluding them from ARM-related CA policies.

DevSecOps combines development, security, and operations to build safer and faster cloud solutions. But with so many Azure tools and options, it can feel confusing at first.

This guide explains DevSecOps in plain terms, so you and your team can:

• Work more securely
• Automate processes easily
• Avoid common mistakes

We'll explain the essentials in a way that's easy to grasp, helping you get started with Azure without confusion.

Whether you're exploring DevSecOps for the first time or optimizing your current approach, this guide will help make your cloud work more productive and secure.

Need Help Managing Azure DevOps & Conditional Access? Let Ctelecoms Assist!

As a Microsoft Gold Partner, Ctelecoms specializes in helping Saudi businesses optimize their Azure cloud infrastructure, including:
✔ Implementing secure Conditional Access policies for Azure DevOps
✔ Migrating & managing Azure resources with best practices
✔ Ensuring compliance with Saudi regulatory requirements
✔ Providing 24/7 expert support for seamless cloud operations

With deep expertise in Microsoft Azure, and cloud security, Ctelecoms ensures your business stays flexible, secure, and future-ready.

Contact us today to streamline your Azure environment and enhance security!