Merge pull request #9097 from MicrosoftDocs/main

Auto Publish – main to live - 2026-04-03 13:00 UTC

Author: learn-build-service-prod[bot]

docs/boards/backlogs/manage-bugs.md

@@ -3,12 +3,12 @@ ms.service: azure-devops-boards
 ms.author: chcomley
 author: chcomley
 ms.topic: include
-ms.date: 07/29/2025
+ms.date: 04/02/2026
 ---
 
 ::: moniker range="<=azure-devops"
 
 > [!NOTE]  
-> Bug work item types aren't available with the Basic process. The Basic process tracks bugs as Issues and is available when you create a new project from Azure DevOps Services or Azure DevOps Server 2020 or later versions.
+> The Basic process doesn't include a Bug work item type. Instead, it tracks bugs as Issues.
 
 ::: moniker-end

docs/boards/includes/basic-process-bug-note.md

@@ -1,23 +1,23 @@
 ---
-title: Building Azure DevOps integrations with Microsoft Entra OAuth apps
-description: Use Microsoft Entra authentication to integrate with Azure DevOps Services.
-ms.assetid: 19285121-1805-4421-B7C4-63784C9A7CFA
+title: Build Azure DevOps integrations with Microsoft Entra OAuth apps
+description: "Microsoft Entra OAuth apps: Discover how to build secure Azure DevOps integrations using delegated authentication and enhance your development process."
 ms.subservice: azure-devops-security
-ms.custom: pat-reduction
+ms.custom: pat-reduction, UpdateFrequency3
 ms.topic: overview
 monikerRange: 'azure-devops'
 ms.author: chcomley
+ms.reviewer: chcomley
 author: chcomley
-ms.date: 01/08/2025
+ms.date: 04/02/2026
 ---
 
 # Build Azure DevOps integrations with Microsoft Entra OAuth apps
 
 [!INCLUDE [version-eq-azure-devops](../../../includes/version-eq-azure-devops.md)]
 
-The Microsoft identity platform offers many ways to authenticate users via [the OAuth 2.0 protocol](/entra/identity-platform/v2-protocols). In these docs, we use OAuth tokens to colloquially refer to [on-behalf-of user flows](/entra/identity-platform/v2-oauth2-on-behalf-of-flow), also known as [delegated flows](/entra/identity-platform/delegated-access-primer), for apps that request tokens to perform actions for their users. 
+The Microsoft identity platform offers many ways to authenticate users via [the OAuth 2.0 protocol](/entra/identity-platform/v2-protocols). In this article, *OAuth tokens* refers to [on-behalf-of user flows](/entra/identity-platform/v2-oauth2-on-behalf-of-flow), also known as [delegated flows](/entra/identity-platform/delegated-access-primer), where apps request tokens to perform actions for their users. 
 
-This differs from apps that perform actions on-behalf-of themselves. For that, you would use [service principals and managed identities](service-principal-managed-identity.md).
+This approach differs from apps that perform actions on-behalf-of themselves. For that approach, use [service principals and managed identities](service-principal-managed-identity.md).
 
 ## Resources for developers
 
@@ -34,13 +34,13 @@ This differs from apps that perform actions on-behalf-of themselves. For that, y
 * [Add an enterprise application](/entra/identity/enterprise-apps/add-application-portal)
 * [Explore the consent experience for applications in Microsoft Entra ID](/entra/identity-platform/application-consent-experience)
 
-## Tips for building & migrating
+## Tips for building and migrating
 
-* Microsoft Entra apps don't natively support Microsoft account (MSA) users for the Azure DevOps resource. If you're building an app that must cater to MSA users or support both Microsoft Entra and MSA users, [Azure DevOps OAuth apps](azure-devops-oauth.md) remain your best option. We're currently working on native support for MSA users through Microsoft Entra OAuth.
+* Microsoft Entra apps don't natively support Microsoft account (MSA) users for the Azure DevOps resource. If you're building an app that must cater to MSA users or support both Microsoft Entra and MSA users, [Azure DevOps OAuth apps](azure-devops-oauth.md) remain your best option. Microsoft is currently working on native support for MSA users through Microsoft Entra OAuth.
 * Azure DevOps' resource identifier: `499b84ac-1321-427f-aa17-267ca6975798`
 * Azure DevOps' resource URI: `https://app.vssps.visualstudio.com`
 * Use the `.default` scope when requesting a token with all scopes that the app is permissioned for.
-* In a previous Azure DevOps OAuth app, you might have use Azure DevOps user identifiers that don't exist in Microsoft Entra. When migrating to Microsoft Entra, use the [ReadIdentities API](/rest/api/azure/devops/ims/identities/read-identities) to resolve and match the different identities used by each identity provider.
+* In a previous Azure DevOps OAuth app, you might have used Azure DevOps user identifiers that don't exist in Microsoft Entra. When migrating to Microsoft Entra, use the [ReadIdentities API](/rest/api/azure/devops/ims/identities/read-identities) to resolve and match the different identities used by each identity provider.
 
 ## Related content
 

docs/integrate/get-started/authentication/entra-oauth.md

@@ -1,89 +1,90 @@
 ---
 title: Assign an owner to an orphaned organization
 titleSuffix: Azure DevOps Services
-description: Learn how to assign a new owner to an organization when the current owner's inactive.
+description: Assign an owner to an orphaned organization in Azure DevOps. Learn step-by-step how to restore access and resolve inactive administrator issues. Start now.
 ms.subservice: azure-devops-organizations
-ms.assetid: b81adafa-adac-4e80-baa6-140fb58fbeff
 ms.topic: how-to
 ms.author: chcomley
+ms.reviewer: chcomley
 author: chcomley
 ai-usage: ai-assisted
-ms.date: 03/02/2026
+ms.date: 04/02/2026
 monikerRange: 'azure-devops'
-ms.custom: copilot-scenario-highlight
+ms.custom: copilot-scenario-highlight, UpdateFrequency3
 ---
 
 # Assign an owner to an orphaned organization
 
 [!INCLUDE [version-eq-azure-devops](../../includes/version-eq-azure-devops.md)]
 
-When the organization owner and all project collection administrators are inactive, the organization is considered orphaned. An orphaned organization doesn't have an administrator, so there's no way to transfer administrator rights to another user.
-
-[!INCLUDE [ai-assistance-mcp-server-tip](../../includes/ai-assistance-mcp-server-tip.md)]
-
-
-But, organizations connected to Microsoft Entra ID can transfer ownership to an active user.
+An organization becomes *orphaned* when the organization owner and all Project Collection Administrators are inactive. Because no active administrator exists, you can't transfer ownership through the normal process. However, if the organization is connected to Microsoft Entra ID, an Azure DevOps Administrator in Microsoft Entra ID can claim ownership and assign it to an active user.
 
 > [!NOTE]
-> If your organization isn't considered orphaned and you want to change the owner, see [Change organization owner](change-organization-ownership.md).
+> If your organization isn't orphaned and you want to change the owner, see [Change organization owner](change-organization-ownership.md).
+
+[!INCLUDE [ai-assistance-mcp-server-tip](../../includes/ai-assistance-mcp-server-tip.md)]
 
 ## Prerequisites
 
 | Category | Requirements |
 |--------------|-------------|
 |**Permissions**|[Azure DevOps Administrator in Microsoft Entra ID](../security/look-up-azure-devops-administrator.md). If using [Privileged Identity Management](/azure/active-directory/privileged-identity-management/pim-configure?msclkid=303229fdc6c111ecaf0f666b2dd9cd6f), the Azure DevOps Administrator should be of type [Active](/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user?msclkid=5cdc55f5c6c011eca737e344cbe17b42).|
 
-> [!NOTE]
-> Claim ownership of organizations only when the current owner and all members of the Project Collection Administrators group are inactive in the backing Microsoft Entra ID. Azure DevOps and Microsoft Entra ID define inactive user accounts the same way. For more information, see [What are inactive user accounts?](/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts).
+> [!IMPORTANT]
+> Only claim ownership when the current owner *and* all members of the Project Collection Administrators group are inactive in Microsoft Entra ID. For the definition of inactive, see [What are inactive user accounts?](/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts).
 
 ### Find your Azure DevOps Administrator
 
-The Azure DevOps Administrator can [change the Azure DevOps owner](change-organization-ownership.md) to claim ownership of the target Azure DevOps organization. 
+If you don't know who has the Azure DevOps Administrator role in your Microsoft Entra tenant, see [Look up the Azure DevOps Administrator](../security/look-up-azure-devops-administrator.md).
 
 > [!NOTE]
-> Any changes to role membership might take up to an hour to propagate to Azure DevOps.  
+> Changes to role membership might take up to an hour to propagate to Azure DevOps.  
 
 ## When your Azure DevOps Administrator is a member of the target organization
 
-When your Azure DevOps Administrator in Microsoft Entra ID *is* a member of the target Azure DevOps organization, do the following steps.
+Complete the following steps when the Azure DevOps Administrator *is* a member of the target organization.
 
-1. As the Azure DevOps Administrator, sign in to your organization (```https://dev.azure.com/{yourorganization}```).
+1. Sign in to your organization (`https://dev.azure.com/{yourorganization}`) by using the Azure DevOps Administrator account.
 
-2. Select **Organization settings** > **Overview**.
+1. Select **Organization settings** > **Overview**.
 
-3. In the warning message, select **Change owner**.
+1. In the warning message, select **Change owner**.
 
     ![Screenshot of warning, PCA and Owner inactive in Microsoft Entra ID.](media/change-organization-ownership/warning-message-change-owner.png)
 
-4. Select a user from the dropdown menu, or search for a user by entering the user's name, provide a short justification, and then select **Change**.
+1. Select a user from the dropdown menu or search by name.
+
+1. Enter a short justification, and then select **Change**.
 
     ![Screenshot of button highlighted by red box, Change owner.](media/change-organization-ownership/change-organization-owner.png)
 
-A notification of the ownership transfer with your provided justification gets sent to all Azure DevOps Administrators in your Microsoft Entra ID.
+   The ownership transfer notification with your justification is sent to all Azure DevOps Administrators in your Microsoft Entra tenant.
 
 ## When your Azure DevOps Administrator isn't a member of the target organization
 
-When your Azure DevOps Administrator in Microsoft Entra ID *isn't* a member of the target Azure DevOps organization, do the following steps:
+Complete the following steps when the Azure DevOps Administrator *isn't* a member of the target organization.
 
-1. Sign in to your organization (```https://dev.azure.com/{yourorganization}```) using the credentials granted to the Azure DevOps Administrator role in Microsoft Entra ID.
+1. Sign in to your organization (`https://dev.azure.com/{yourorganization}`) by using the Azure DevOps Administrator account.
 
-    An error page appears where you can claim ownership.
+    An error page appears because the account isn't a member of the organization.
 
     ![Screenshot of 401 message: Microsoft Entra Administrator not member of organization.](media/change-organization-ownership/error-message-administrator-not-member-of-organization.png)
 
-2. Select **Claim Ownership**, provide a short justification, and then select **Claim Ownership** once again. 
-   
-    A notification of the ownership transfer with your provided justification gets sent to all Azure DevOps Administrators in your Microsoft Entra ID.
+1. Select **Claim Ownership**.
+
+1. Enter a short justification, and then select **Claim Ownership** again.
 
    ![Screenshot showing empty box, where you enter justification and claim ownership of the organization.](media/change-organization-ownership/claim-ownership.png)
 
-   You're redirected to the organization overview page. To transfer ownership to another user, see [Change organization owner](change-organization-ownership.md).
+   A notification of the ownership transfer with your justification is sent to all Azure DevOps Administrators in your Microsoft Entra tenant. You're redirected to the organization overview page.
+
+1. To transfer ownership to another user, see [Change organization owner](change-organization-ownership.md).
 
 <a id="use-ai-assistance"></a>
 
 ## Use AI to resolve orphaned organizations
 
-If you have the [Azure DevOps MCP Server](../../mcp-server/mcp-server-overview.md) configured, you can use AI assistants to investigate orphaned organizations and gather ownership details using natural language prompts. The MCP Server provides your AI assistant with secure access to your Azure DevOps data, allowing you to check organization ownership, list administrators, and verify Microsoft Entra connections without navigating through the web interface.
+If you have the [Azure DevOps MCP Server](../../mcp-server/mcp-server-overview.md) configured, you can use AI assistants to investigate orphaned organizations and gather ownership details using natural language prompts. The MCP Server provides your AI assistant with secure access to your Azure DevOps data, so you can check organization ownership, list administrators, and verify Microsoft Entra connections without navigating through the web interface.
 
 ### Example prompts for resolving orphaned organizations