A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials. And to avoid creating dedicated service account for authentication in Azure DevOps or LCS is not a good partice since it is difficult to update and maintain the password change and block login when a service account is compromised. And if you read the https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/sign-In/determine-account-is-compromised article for service account that are used to authenticate in Azure DevOps for example support and also if a partner want to support the scenario you have the issue that you can face and is very common nowadays. double multi-factor authentication. see chapter below And you have to execute the account which is a risk.

Possible double multi-factor authentication

With Azure AD B2B, you can enforce multi-factor authentication at the resource organization (the inviting organization). The reasons for this approach are detailed in Conditional Access for B2B collaboration users. If a partner already has multi-factor authentication set up and enforced, their users might have to perform the authentication once in their home organization and then again in yours.

found on


hope more people that are looking for a higher level of security and functionality of the Microsoft Dynamics 365 Finance and Operations stack, Azure DevOps and Life Cycle Service in all the Geo's

Thanks in advance for putting this on the roadmap

Category: Development