🚨 CRITICAL GUIDELINES

Windows File Path Requirements

MANDATORY: Always Use Backslashes on Windows for File Paths

When using Edit or Write tools on Windows, you MUST use backslashes (
) in file paths, NOT forward slashes (/ ).

Examples:

• ❌ WRONG: D:/repos/project/file.tsx

• ✅ CORRECT: D:\repos\project\file.tsx

This applies to:

• Edit tool file_path parameter

• Write tool file_path parameter

• All file operations on Windows systems

Documentation Guidelines

NEVER create new documentation files unless explicitly requested by the user.

• Priority: Update existing README.md files rather than creating new documentation

• Repository cleanliness: Keep repository root clean - only README.md unless user requests otherwise

• Style: Documentation should be concise, direct, and professional - avoid AI-generated tone

• User preference: Only create additional .md files when user specifically asks for documentation

Azure DevOps 2025 Latest Features (Sprints 254-262)

New Expression Functions (Sprint 248)

iif() - Ternary Conditional Operator

Syntax: iif(condition, valueIfTrue, valueIfFalse)

variables: environment: 'production'

Use iif for conditional values

instanceCount: ${{ iif(eq(variables.environment, 'production'), 10, 2) }} deploymentSlot: ${{ iif(eq(variables.environment, 'production'), 'production', 'staging') }}

steps:

• script: echo "Deploying ${{ variables.instanceCount }} instances to ${{ variables.deploymentSlot }}"

trim() - Remove Whitespace

parameters:

• name: branchName type: string default: ' feature/my-branch '

variables:

Remove leading/trailing whitespace

cleanBranch: ${{ trim(parameters.branchName) }}

Result: 'feature/my-branch' (no spaces)

New Predefined Variables (Sprint 253)

Build.StageRequestedBy

Who requested the stage execution:

stages:

• stage: Deploy jobs:

  • job: DeployJob steps:

    • script: | echo "Stage requested by: $(Build.StageRequestedBy)" echo "Stage requester ID: $(Build.StageRequestedById)" displayName: 'Log stage requester'

    Use for approval notifications

    • task: SendEmail@1 inputs: to: 'approvers@example.com' subject: 'Deployment requested by $(Build.StageRequestedBy)'

Stage Dependencies Visualization (Sprint 254)

View stage dependencies when stage is expanded in pipeline UI:

stages:

• stage: Build jobs:

  • job: BuildJob steps:
    • script: echo "Building..."

• stage: Test dependsOn: Build # Shown visually when expanded jobs:

  • job: TestJob steps:
    • script: echo "Testing..."

• stage: Deploy_USEast dependsOn: Test jobs:

  • job: DeployJob steps:
    • script: echo "Deploying to US East..."

• stage: Deploy_EUWest dependsOn: Test # Parallel with Deploy_USEast - visualized clearly jobs:

  • job: DeployJob steps:
    • script: echo "Deploying to EU West..."

Benefits:

• Visual dependency graph in UI

• Easier debugging of complex pipelines

• Clear multi-region deployment patterns

• Identify parallel vs sequential stages

New OS Images

Ubuntu-24.04 (General Availability)

pool: vmImage: 'ubuntu-24.04' # Latest LTS - Recommended

OR use ubuntu-latest (will map to 24.04 soon)

vmImage: 'ubuntu-latest'

steps:

• script: | lsb_release -a

  Ubuntu 24.04 LTS (Noble Numbat)

Key Information:

• Ubuntu 24.04 is now generally available

• ubuntu-latest will soon map to ubuntu-24.04 (currently ubuntu-22.04 )

• Ubuntu 20.04 fully removed April 30, 2025

Windows Server 2025 (Coming June 2025)

pool: vmImage: 'windows-2025' # GA: June 16, 2025

steps:

• pwsh: | Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

Key Information:

• General availability: June 16, 2025

• windows-latest will map to windows-2025 starting September 2, 2025

• Windows Server 2019 extended support until December 31, 2025

macOS-15 Sequoia (Available)

pool: vmImage: 'macOS-15' # Sequoia

steps:

• script: | sw_vers

  macOS 15.x (Sequoia)

Key Information:

• macOS 13 Ventura deprecation starts September 1, 2025

• macOS 13 retirement planned for December 4, 2025

• Apple Silicon (ARM64) support in preview

⚠️ Deprecated and Retired Images

Fully Removed (2025):

• Ubuntu 20.04 - Removed April 30, 2025

• .NET 6 - Removed from Windows and Ubuntu images August 1, 2025

Extended Support:

• Windows Server 2019 - Extended until December 31, 2025

• Deprecation starts: June 1, 2025

• Brownout periods: June 3-24, 2025

• Final removal: December 31, 2025

Upcoming Deprecations:

• macOS 13 Ventura - Deprecation: September 1, 2025, Retirement: December 4, 2025

Migration Recommendations:

Ubuntu Migration

OLD (Removed)

pool: vmImage: 'ubuntu-20.04'

NEW (Recommended)

pool: vmImage: 'ubuntu-24.04' # Best: explicit version

OR

vmImage: 'ubuntu-latest' # Will map to 24.04 soon

Windows Migration

OLD (Being deprecated)

pool: vmImage: 'windows-2019'

NEW (Recommended)

pool: vmImage: 'windows-2022' # Current stable

OR wait for

vmImage: 'windows-2025' # GA June 2025

GitHub Integration Improvements

Auto-linked Pull Requests

GitHub branches linked to work items automatically link PRs:

When PR is created for branch linked to work item,

PR automatically appears in work item's Development section

trigger: branches: include: - feature/* - users/*

Work item auto-linking based on branch name pattern

AB#12345 in commits auto-links to work item 12345

"Integrated in build" Links

GitHub repos show which build integrated the PR:

pr: branches: include: - main - develop

After PR merged, work item shows:

"Integrated in build: Pipeline Name #123"

Direct link to build that deployed the change

Stage-Level Variables

stages:

• stage: Build variables: buildConfiguration: 'Release' platform: 'x64' jobs:

  • job: BuildJob steps:
    • script: echo "Building $(buildConfiguration) $(platform)"

• stage: Deploy variables: environment: 'production' region: 'eastus' jobs:

  • job: DeployJob steps:
    • script: | echo "Stage: $(System.StageName)" echo "Requested by: $(Build.StageRequestedBy)" echo "Deploying to $(environment) in $(region)"

Practical Examples

Multi-Region Deployment with New Features

parameters:

• name: deployToProd type: boolean default: false

variables:

Use iif for conditional values

targetEnvironment: ${{ iif(parameters.deployToProd, 'production', 'staging') }}

stages:

• stage: Build jobs:

  • job: BuildApp pool: vmImage: 'ubuntu-24.04' # New image steps:
    • script: npm run build

• stage: Test dependsOn: Build jobs:

  • job: RunTests pool: vmImage: 'ubuntu-24.04' steps:
    • script: npm test

• stage: Deploy_USEast dependsOn: Test condition: succeeded() variables: region: 'eastus' jobs:

  • deployment: DeployToUSEast environment: ${{ variables.targetEnvironment }} pool: vmImage: 'ubuntu-24.04' strategy: runOnce: deploy: steps: - script: | echo "Deploying to $(region)" echo "Requested by: $(Build.StageRequestedBy)"

• stage: Deploy_EUWest dependsOn: Test # Parallel with Deploy_USEast condition: succeeded() variables: region: 'westeurope' jobs:

  • deployment: DeployToEUWest environment: ${{ variables.targetEnvironment }} pool: vmImage: 'ubuntu-24.04' strategy: runOnce: deploy: steps: - script: | echo "Deploying to $(region)" echo "Requested by: $(Build.StageRequestedBy)"

Stage dependencies visualized clearly in UI (Sprint 254)

Continuous Access Evaluation (Sprint 260 - August 2025)

Enhanced Security with CAE

Azure DevOps now supports Continuous Access Evaluation (CAE), enabling near real-time enforcement of Conditional Access policies through Microsoft Entra ID.

Key Benefits:

• Instant access revocation on critical events

• No waiting for token expiration

• Enhanced security posture

Triggers for Access Revocation:

• User account disabled

• Password reset

• Location or IP address changes

• Risk detection events

• Policy violations

Example Scenario:

Your pipeline with CAE enabled automatically

stages:

• stage: Production jobs:
  • deployment: Deploy environment: 'production' pool: vmImage: 'ubuntu-24.04' strategy: runOnce: deploy: steps: - script: echo "Deploying..." # If user credentials are revoked mid-deployment, # CAE will instantly terminate access

Implementation:

• General availability: August 2025

• Phased rollout to all customers

• No configuration required (automatic for all Azure DevOps orgs)

• Works with Microsoft Entra ID Conditional Access policies

Security Improvements:

• Immediate response to security events

• Reduces attack window from hours/days to seconds

• Complements existing security features (Key Vault, branch policies, etc.)

OAuth Apps Deprecation (April 2025)

Important Change:

• Azure DevOps no longer supports new registrations of Azure DevOps OAuth apps (effective April 2025)

• First step towards retiring the Azure DevOps OAuth platform

• Existing OAuth apps continue to work

• Plan migration to Microsoft Entra ID authentication

Migration Recommendations:

Use service connections with Microsoft Entra ID instead

• task: AzureCLI@2 inputs: azureSubscription: 'service-connection' # Uses Managed Identity or Service Principal scriptType: 'bash' scriptLocation: 'inlineScript' addSpnToEnvironment: true inlineScript: | az account show

SNI Requirement (April 2025)

Network Requirement:

• Server Name Indication (SNI) required on all incoming HTTPS connections

• Effective: April 23, 2025

• Affects all Azure DevOps Services connections

What to Check:

• Ensure clients support SNI (most modern clients do)

• Update legacy tools/scripts if needed

• Test connectivity before April 23, 2025

OAuth Apps Deprecation (Sprint 261 - September 2025)

Critical Security Change:

Azure DevOps is enforcing one-time visibility for OAuth client secrets:

• Newly generated client secrets displayed only once at creation

• Get Registration Secret API will be retired

• Change effective: September 2, 2025

• No new OAuth app registrations allowed

Migration Path:

Replace OAuth apps with Microsoft Entra ID authentication

Use service connections with Managed Identity or Service Principal

• task: AzureCLI@2 inputs: azureSubscription: 'entra-id-service-connection' scriptType: 'bash' addSpnToEnvironment: true inlineScript: | az account show # Authenticated via Entra ID

Action Required:

• Audit existing OAuth apps

• Plan migration to Entra ID authentication

• Update CI/CD pipelines to use service connections

• Document secret rotation procedures

Agent Software Version 4 (October 2024 - Current)

Major Upgrade:

The Azure Pipelines agent has been upgraded from v3.x to v4.x, powered by .NET 8:

Key Improvements:

• Built on .NET 8 for better performance and security

• Extended platform support including ARM64

• Improved reliability and diagnostics

• Better resource management

Platform Support:

• Linux: Debian 11 & 12, Ubuntu 24.04, 22.04, 20.04 (ARM64 supported)

• macOS: Intel and Apple Silicon (ARM64 supported)

• Windows: Windows Server 2019, 2022, 2025

ARM64 Support:

Self-hosted ARM64 agent

pool: name: 'arm64-pool' demands: - agent.os -equals Linux - Agent.OSArchitecture -equals ARM64

steps:

• script: uname -m displayName: 'Verify ARM64 architecture'

Note: ARM64 support is available for self-hosted agents. Microsoft-hosted ARM64 macOS agents are in preview.

Sprint 262 - GitHub Copilot Integration (2025)

AI-Powered Work Item Assistance (Private Preview):

Connect Azure Boards work items directly with GitHub Copilot:

Capabilities:

• Send work items to Copilot coding agent

• AI-assisted bug fixes

• Automated feature implementation

• Test coverage improvements

• Documentation updates

• Technical debt reduction

Usage Pattern:

• Create work item in Azure Boards

• Add detailed requirements in description

• Send to GitHub Copilot

• Copilot generates code changes

• Review and merge via standard PR process

Integration with Pipelines:

Work items auto-link with PRs

trigger: branches: include: - feature/*

Mention work item in commit

Example: "Fix login bug AB#12345"

Automatically links PR to work item and tracks in build

Resources

• Azure DevOps Sprint 262 Update

• Azure DevOps Sprint 261 Update

• Azure DevOps Sprint 260 Update

• Azure DevOps Sprint 254 Update

• Agent Software Version 4

• Expression Functions Documentation

• Hosted Agent Images

• Continuous Access Evaluation Documentation