Azure DevOps Graph connector (preview)

The Azure DevOps Graph connector allows your organization to index work items in its instance of the Azure DevOps service. After you configure the connector and index content from Azure DevOps, end users can search for those items in Microsoft Search.


Read the Setup for your Graph connector article to understand the general Graph connectors setup instructions.

This article is for anyone who configures, runs, and monitors an Azure DevOps Graph connector. It supplements the general setup process, and shows instructions that apply only for the Azure DevOps Graph connector.


The Azure DevOps connector supports only the Azure DevOps cloud service. Azure DevOps Server 2019, TFS 2018, TFS 2017, TFS 2015, and TFS 2013 are not supported by this connector.

Step 1: Add a Graph connector in the Microsoft 365 admin center

Follow the general setup instructions.

Step 2: Name the connection

Follow the general setup instructions.

Step 3: Configure the connection settings

To connect to your Azure DevOps instance, you need your Azure DevOps organization name, its App ID, and client secret for OAuth authentication.

Register an app

Register an app in Azure DevOps so that the Microsoft Search app can access the instance. To learn more, see Azure DevOps documentation on how to register an app.

The following table provides guidance on how to fill out the app registration form:

Mandatory Fields Description Recommended Value
Company Name The name of your company. Use an appropriate value
Application name A unique value that identifies the application that you're authorizing. Microsoft Search
Application website The URL of the application that will request access to your Azure DevOps instance during connector setup. (Required).
Authorization callback URL A required callback URL that the authorization server redirects to.
Authorized scopes The scope of access for the application Select the following scopes: Identity (read), Work Items (read), Variable Groups (read), Project and team (read), Graph (read), Analytics (read)


The authorized scopes that you select for the app should match the scopes exactly as listed above. If you omit one of the authorized scopes in the list, or add another scope, the authorization will fail.

On registering the app with the details above, you'll get the App ID and Client Secret that will be used to configure the connector.


To revoke access to any app registered in Azure DevOps, go to User settings at the right top of your Azure DevOps instance. Select Profile and then select Authorizations in the Security section of the side pane. Hover over an authorized OAuth app to see the Revoke button at the corner of the app details.

Connection settings

After registering the Microsoft Search app with Azure DevOps, you can complete the connection settings step. Enter your organization name, App ID, and Client secret.

Connection Application Settings.

Configure data: select projects and fields

You can choose for the connection to index either the entire organization or specific projects.

If you choose to index the entire organization, items in all projects in the organization will get indexed. New projects and items will be indexed during the next crawl after they're created.

If you choose individual projects, only work items in those projects will be indexed.

Configure data.

Next, select which fields you want the connection to index and preview data in these fields before proceeding.

Choose properties.

Step 4: Manage search permissions

The Azure DevOps connector supports search permissions visible to Only people with access to this data source or Everyone. If you choose Only people with access to this data source, indexed data will appear in the search results for users who have access to them based on permissions to users or groups at the Organization, Project or Area path level in Azure DevOps. If you choose Everyone, indexed data will appear in the search results for all users.

Step 5: Assign property labels

Follow the general setup instructions.

Step 6: Manage schema

Follow the general setup instructions.

Step 7: Choose refresh settings

The Azure DevOps connector supports refresh schedules for both full and incremental crawls. The recommended schedule is one hour for an incremental crawl and one day for a full crawl.

Step 8: Review connection

Follow the general setup instructions.


Default Result type

  • The Azure DevOps connector automatically registers a result type once the connector is published. The result type uses a dynamically generated result layout based on the fields selected in step 3.
  • You can manage the result type by navigating to Result types in the Microsoft 365 admin center. The default result type will be named as "ConnectionIdDefault". For example, if your connection id is AzureDevOps, your result layout will be named: "AzureDevOpsDefault"
  • Also, you can choose to create your own result type if needed.


The following is a common error observed while configuring the connector, and its possible reason.

Configuration step Error message Possible reason(s)
The account associated with the connector doesn't have permission to access the item. The registered app does not have any of the required OAuth scopes. (Note - A new OAuth scope requirement 'Analytics:read' was introduced on 8/31/2021)