🚨 CRITICAL GUIDELINES

Windows File Path Requirements

MANDATORY: Always Use Backslashes on Windows for File Paths

When using Edit or Write tools on Windows, you MUST use backslashes (\) in file paths, NOT forward slashes (/).

Examples:

• ❌ WRONG: D:/repos/project/file.tsx
• ✅ CORRECT: D:\repos\project\file.tsx

This applies to:

• Edit tool file_path parameter
• Write tool file_path parameter
• All file operations on Windows systems

Documentation Guidelines

NEVER create new documentation files unless explicitly requested by the user.

• Priority: Update existing README.md files rather than creating new documentation
• Repository cleanliness: Keep repository root clean - only README.md unless user requests otherwise
• Style: Documentation should be concise, direct, and professional - avoid AI-generated tone
• User preference: Only create additional .md files when user specifically asks for documentation

---

Azure DevOps 2025 Latest Features (Sprints 254-262)

New Expression Functions (Sprint 248)

iif() - Ternary Conditional Operator

# Syntax: iif(condition, valueIfTrue, valueIfFalse)

variables:
  environment: 'production'
  # Use iif for conditional values
  instanceCount: ${{ iif(eq(variables.environment, 'production'), 10, 2) }}
  deploymentSlot: ${{ iif(eq(variables.environment, 'production'), 'production', 'staging') }}

steps:
- script: echo "Deploying ${{ variables.instanceCount }} instances to ${{ variables.deploymentSlot }}"

trim() - Remove Whitespace

parameters:
- name: branchName
  type: string
  default: ' feature/my-branch '

variables:
  # Remove leading/trailing whitespace
  cleanBranch: ${{ trim(parameters.branchName) }}
  # Result: 'feature/my-branch' (no spaces)

New Predefined Variables (Sprint 253)

Build.StageRequestedBy

Who requested the stage execution:

stages:
- stage: Deploy
  jobs:
  - job: DeployJob
    steps:
    - script: |
        echo "Stage requested by: $(Build.StageRequestedBy)"
        echo "Stage requester ID: $(Build.StageRequestedById)"
      displayName: 'Log stage requester'

    # Use for approval notifications
    - task: SendEmail@1
      inputs:
        to: 'approvers@example.com'
        subject: 'Deployment requested by $(Build.StageRequestedBy)'

Stage Dependencies Visualization (Sprint 254)

View stage dependencies when stage is expanded in pipeline UI:

stages:
- stage: Build
  jobs:
  - job: BuildJob
    steps:
    - script: echo "Building..."

- stage: Test
  dependsOn: Build  # Shown visually when expanded
  jobs:
  - job: TestJob
    steps:
    - script: echo "Testing..."

- stage: Deploy_USEast
  dependsOn: Test
  jobs:
  - job: DeployJob
    steps:
    - script: echo "Deploying to US East..."

- stage: Deploy_EUWest
  dependsOn: Test  # Parallel with Deploy_USEast - visualized clearly
  jobs:
  - job: DeployJob
    steps:
    - script: echo "Deploying to EU West..."

Benefits:

• Visual dependency graph in UI
• Easier debugging of complex pipelines
• Clear multi-region deployment patterns
• Identify parallel vs sequential stages

New OS Images

Ubuntu-24.04 (General Availability)

pool:
  vmImage: 'ubuntu-24.04'  # Latest LTS - Recommended
  # OR use ubuntu-latest (will map to 24.04 soon)
  # vmImage: 'ubuntu-latest'

steps:
- script: |
    lsb_release -a
    # Ubuntu 24.04 LTS (Noble Numbat)

Key Information:

• Ubuntu 24.04 is now generally available
• ubuntu-latest will soon map to ubuntu-24.04 (currently ubuntu-22.04)
• Ubuntu 20.04 fully removed April 30, 2025

Windows Server 2025 (Coming June 2025)

pool:
  vmImage: 'windows-2025'  # GA: June 16, 2025

steps:
- pwsh: |
    Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

Key Information:

• General availability: June 16, 2025
• windows-latest will map to windows-2025 starting September 2, 2025
• Windows Server 2019 extended support until December 31, 2025

macOS-15 Sequoia (Available)

pool:
  vmImage: 'macOS-15'  # Sequoia

steps:
- script: |
    sw_vers
    # macOS 15.x (Sequoia)

Key Information:

• macOS 13 Ventura deprecation starts September 1, 2025
• macOS 13 retirement planned for December 4, 2025
• Apple Silicon (ARM64) support in preview

⚠️ Deprecated and Retired Images

Fully Removed (2025):

• Ubuntu 20.04 - Removed April 30, 2025
• .NET 6 - Removed from Windows and Ubuntu images August 1, 2025

Extended Support:

• Windows Server 2019 - Extended until December 31, 2025
  • Deprecation starts: June 1, 2025
  • Brownout periods: June 3-24, 2025
  • Final removal: December 31, 2025

Upcoming Deprecations:

• macOS 13 Ventura - Deprecation: September 1, 2025, Retirement: December 4, 2025

Migration Recommendations:

# Ubuntu Migration
# OLD (Removed)
pool:
  vmImage: 'ubuntu-20.04'

# NEW (Recommended)
pool:
  vmImage: 'ubuntu-24.04'  # Best: explicit version
  # OR
  vmImage: 'ubuntu-latest'  # Will map to 24.04 soon

# Windows Migration
# OLD (Being deprecated)
pool:
  vmImage: 'windows-2019'

# NEW (Recommended)
pool:
  vmImage: 'windows-2022'  # Current stable
  # OR wait for
  vmImage: 'windows-2025'  # GA June 2025

GitHub Integration Improvements

Auto-linked Pull Requests

GitHub branches linked to work items automatically link PRs:

# When PR is created for branch linked to work item,
# PR automatically appears in work item's Development section

trigger:
  branches:
    include:
    - feature/*
    - users/*

# Work item auto-linking based on branch name pattern
# AB#12345 in commits auto-links to work item 12345

"Integrated in build" Links

GitHub repos show which build integrated the PR:

pr:
  branches:
    include:
    - main
    - develop

# After PR merged, work item shows:
# "Integrated in build: Pipeline Name #123"
# Direct link to build that deployed the change

Stage-Level Variables

stages:
- stage: Build
  variables:
    buildConfiguration: 'Release'
    platform: 'x64'
  jobs:
  - job: BuildJob
    steps:
    - script: echo "Building $(buildConfiguration) $(platform)"

- stage: Deploy
  variables:
    environment: 'production'
    region: 'eastus'
  jobs:
  - job: DeployJob
    steps:
    - script: |
        echo "Stage: $(System.StageName)"
        echo "Requested by: $(Build.StageRequestedBy)"
        echo "Deploying to $(environment) in $(region)"

Practical Examples

Multi-Region Deployment with New Features

parameters:
- name: deployToProd
  type: boolean
  default: false

variables:
  # Use iif for conditional values
  targetEnvironment: ${{ iif(parameters.deployToProd, 'production', 'staging') }}

stages:
- stage: Build
  jobs:
  - job: BuildApp
    pool:
      vmImage: 'ubuntu-24.04'  # New image
    steps:
    - script: npm run build

- stage: Test
  dependsOn: Build
  jobs:
  - job: RunTests
    pool:
      vmImage: 'ubuntu-24.04'
    steps:
    - script: npm test

- stage: Deploy_USEast
  dependsOn: Test
  condition: succeeded()
  variables:
    region: 'eastus'
  jobs:
  - deployment: DeployToUSEast
    environment: ${{ variables.targetEnvironment }}
    pool:
      vmImage: 'ubuntu-24.04'
    strategy:
      runOnce:
        deploy:
          steps:
          - script: |
              echo "Deploying to $(region)"
              echo "Requested by: $(Build.StageRequestedBy)"

- stage: Deploy_EUWest
  dependsOn: Test  # Parallel with Deploy_USEast
  condition: succeeded()
  variables:
    region: 'westeurope'
  jobs:
  - deployment: DeployToEUWest
    environment: ${{ variables.targetEnvironment }}
    pool:
      vmImage: 'ubuntu-24.04'
    strategy:
      runOnce:
        deploy:
          steps:
          - script: |
              echo "Deploying to $(region)"
              echo "Requested by: $(Build.StageRequestedBy)"

# Stage dependencies visualized clearly in UI (Sprint 254)

Continuous Access Evaluation (Sprint 260 - August 2025)

Enhanced Security with CAE

Azure DevOps now supports Continuous Access Evaluation (CAE), enabling near real-time enforcement of Conditional Access policies through Microsoft Entra ID.

Key Benefits:

• Instant access revocation on critical events
• No waiting for token expiration
• Enhanced security posture

Triggers for Access Revocation:

• User account disabled
• Password reset
• Location or IP address changes
• Risk detection events
• Policy violations

Example Scenario:

# Your pipeline with CAE enabled automatically
stages:
  - stage: Production
    jobs:
      - deployment: Deploy
        environment: 'production'
        pool:
          vmImage: 'ubuntu-24.04'
        strategy:
          runOnce:
            deploy:
              steps:
                - script: echo "Deploying..."
                  # If user credentials are revoked mid-deployment,
                  # CAE will instantly terminate access

Implementation:

• General availability: August 2025
• Phased rollout to all customers
• No configuration required (automatic for all Azure DevOps orgs)
• Works with Microsoft Entra ID Conditional Access policies

Security Improvements:

• Immediate response to security events
• Reduces attack window from hours/days to seconds
• Complements existing security features (Key Vault, branch policies, etc.)

OAuth Apps Deprecation (April 2025)

Important Change:

• Azure DevOps no longer supports new registrations of Azure DevOps OAuth apps (effective April 2025)
• First step towards retiring the Azure DevOps OAuth platform
• Existing OAuth apps continue to work
• Plan migration to Microsoft Entra ID authentication

Migration Recommendations:

# Use service connections with Microsoft Entra ID instead
- task: AzureCLI@2
  inputs:
    azureSubscription: 'service-connection'  # Uses Managed Identity or Service Principal
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    addSpnToEnvironment: true
    inlineScript: |
      az account show

SNI Requirement (April 2025)

Network Requirement:

• Server Name Indication (SNI) required on all incoming HTTPS connections
• Effective: April 23, 2025
• Affects all Azure DevOps Services connections

What to Check:

• Ensure clients support SNI (most modern clients do)
• Update legacy tools/scripts if needed
• Test connectivity before April 23, 2025

OAuth Apps Deprecation (Sprint 261 - September 2025)

Critical Security Change:

Azure DevOps is enforcing one-time visibility for OAuth client secrets:

• Newly generated client secrets displayed only once at creation
• Get Registration Secret API will be retired
• Change effective: September 2, 2025
• No new OAuth app registrations allowed

Migration Path:

# Replace OAuth apps with Microsoft Entra ID authentication
# Use service connections with Managed Identity or Service Principal
- task: AzureCLI@2
  inputs:
    azureSubscription: 'entra-id-service-connection'
    scriptType: 'bash'
    addSpnToEnvironment: true
    inlineScript: |
      az account show
      # Authenticated via Entra ID

Action Required:

• Audit existing OAuth apps
• Plan migration to Entra ID authentication
• Update CI/CD pipelines to use service connections
• Document secret rotation procedures

Agent Software Version 4 (October 2024 - Current)

Major Upgrade:

The Azure Pipelines agent has been upgraded from v3.x to v4.x, powered by .NET 8:

Key Improvements:

• Built on .NET 8 for better performance and security
• Extended platform support including ARM64
• Improved reliability and diagnostics
• Better resource management

Platform Support:

• Linux: Debian 11 & 12, Ubuntu 24.04, 22.04, 20.04 (ARM64 supported)
• macOS: Intel and Apple Silicon (ARM64 supported)
• Windows: Windows Server 2019, 2022, 2025

ARM64 Support:

# Self-hosted ARM64 agent
pool:
  name: 'arm64-pool'
  demands:
    - agent.os -equals Linux
    - Agent.OSArchitecture -equals ARM64

steps:
  - script: uname -m
    displayName: 'Verify ARM64 architecture'

Note: ARM64 support is available for self-hosted agents. Microsoft-hosted ARM64 macOS agents are in preview.

Sprint 262 - GitHub Copilot Integration (2025)

AI-Powered Work Item Assistance (Private Preview):

Connect Azure Boards work items directly with GitHub Copilot:

Capabilities:

• Send work items to Copilot coding agent
• AI-assisted bug fixes
• Automated feature implementation
• Test coverage improvements
• Documentation updates
• Technical debt reduction

Usage Pattern:

1. Create work item in Azure Boards
2. Add detailed requirements in description
3. Send to GitHub Copilot
4. Copilot generates code changes
5. Review and merge via standard PR process

Integration with Pipelines:

# Work items auto-link with PRs
trigger:
  branches:
    include:
    - feature/*

# Mention work item in commit
# Example: "Fix login bug AB#12345"
# Automatically links PR to work item and tracks in build

Resources

• Azure DevOps Sprint 262 Update
• Azure DevOps Sprint 261 Update
• Azure DevOps Sprint 260 Update
• Azure DevOps Sprint 254 Update
• Agent Software Version 4
• Expression Functions Documentation
• Hosted Agent Images
• Continuous Access Evaluation Documentation