Azure DevOps Connector
Connect Azure DevOps so the agent can search your code, create work items, and index your wiki as a knowledge source.
- Two connector types: ADO OAuth for live code and work items, Documentation connector for wiki knowledge
- OAuth supports User Account (Azure AD) and Managed Identity authentication
- A single connector covers your entire ADO organization — all projects and repos
- Wiki content is indexed for semantic search and auto-syncs every 24 hours
Two connector types
Azure DevOps has two connector types because they serve different purposes:
| Connector | What it does | Auth options |
|---|---|---|
| ADO OAuth | Live source code access, work items, pipelines, semantic code search | User Account (OAuth) or Managed Identity |
| Documentation connector | Indexes wiki pages and docs into a searchable knowledge base | Managed Identity or PAT |
You can use both together — the OAuth connector for live code investigations, and the documentation connector for wiki-based knowledge.
ADO OAuth connector
Auth types
| Method | How it works | Best for |
|---|---|---|
| User Account | Sign in with your Azure AD account. The agent accesses ADO through your permissions. Tokens refresh automatically. | Interactive setup — recommended for most users |
| Managed Identity | Use the agent's managed identity to authenticate. Supports Federated Identity Credentials (FIC) for cross-tenant. | Automated setup, service accounts, cross-tenant access |
ADO OAuth tokens expire after ~1 hour, but the agent refreshes them automatically before expiration using a 20-minute buffer. Each refresh generates a new refresh token, creating a self-sustaining renewal chain. Your connector stays connected through multi-hour investigations — no manual re-authentication required.
When you'll need to re-authenticate: if the refresh token expires (lifetime varies by Azure AD policy), if an admin revokes the app authorization, or if your connector was set up before version 26.2.247.0 (one re-auth enables auto-refresh going forward).
What the agent can do
Source code analysis:
- Search code across all repos in your organization using ADO Search API
- Read file contents by path and branch
- Correlate Azure resource errors with source code locations (with confidence scoring)
- Semantic code search — find code related to an incident using natural language
Work item management:
- Create work items (Task, Bug, Epic, Feature) with area path, iteration, priority, and severity
- Link work items to Azure resources for traceability
Repository mapping:
- Find and link ADO repos to Azure resources
- Identify IaC files (Bicep, Terraform, ARM templates) in linked repos
Create pull requests (preview):
Your agent can create pull requests in your ADO repos directly from chat. During an investigation, the agent identifies a fix and opens a PR — no tab switching required.
- Auto-detects Azure DevOps from the repository URL (
dev.azure.com/...or*.visualstudio.com/...) - Uses your existing OAuth, PAT, or managed identity credentials — no re-authentication
- Returns a clickable link to the created PR in the chat
- Requires Review or Autonomous run mode — blocked in ReadOnly mode
Example prompt: "Open a pull request in https://dev.azure.com/contoso/myproject/_git/myrepo from feature/fix to main titled 'Update retry logic'"
Documentation connector (Wiki knowledge)
Index your ADO wiki pages so the agent can search them during investigations. When the agent encounters an issue, it searches your indexed wiki for relevant troubleshooting guides, architecture docs, and runbooks.
How it works
- Crawls all pages from your specified ADO wiki URL (or a specific sub-section)
- Chunks and embeds document content into a vector search index
- Semantic search — during investigations, the agent finds relevant passages and cites the original wiki page
- Auto-syncs every 24 hours to pick up wiki updates
Supported content
- Wiki pages (ADO Wiki format)
- Git repository files — 15 supported formats:
.md,.txt,.rst,.adoc,.asciidoc,.wiki,.textile,.org,.htm,.html,.json,.yaml,.yml,.xml,.csv - Scoped indexing — point to a sub-page to index only a specific section of your wiki
Manage authentication (preview)
View, edit, or disconnect your Azure DevOps credentials without removing repositories. Go to Builder → Knowledge Sources and click the Repository Auth card.
Each connected ADO organization appears as a separate card showing:
| Action | What happens |
|---|---|
| View status | See the auth method (OAuth, PAT, or Managed Identity) and token expiration per organization |
| Edit | Switch auth methods or paste a new PAT — existing repositories stay connected |
| Disconnect | Remove credentials for an organization without deleting repositories — reconnect later to restore access |
This means you can rotate credentials or switch from PAT to Managed Identity without re-adding repositories.
Get started
| Resource | What you'll learn |
|---|---|
| Connect Source Code → | Step-by-step guide for connecting GitHub and ADO repositories |
| Set up ADO Connector → | Detailed ADO connector tutorial |
Related capabilities
| Capability | What it adds |
|---|---|
| Root Cause Analysis → | How source code context improves investigation accuracy |
| Memory → | How indexed knowledge integrates with the agent's persistent memory |
| Upload Knowledge → | Upload documents directly instead of connecting a wiki |