Azure-docs: Source control sync depends on person?

@omerzubair Thanks for the comment. We are actively investigating on the issue and will get back to you shortly with an update.

@omerzubair Once the user is removed from Azure AD, the PATs and FedAuth tokens are invalidated within an hour, since the refresh token is valid only for one hour. So I believe ideally sync stops after that period of time. And same should apply to Portal way of access as well.

Regarding connecting source control with Azure Ad App creds, I don't think it's currently supported. If interested, you may share it as feature request / suggestion for product improvement in UserVoice / feedback forum here.

@bobbytreed FYI. Please provide your thoughts or better insights (if any).

Hi @bobbytreed & @KrishnaG-MSFT ,

So if Managed Identity/Service principle is not avail to be assigned to a DevOps Repository (as Reader) then only method left is to use old method of :

1. Creating a service account on-prem
2. Assigning the service account as a reader access to DevOps project
3. Login browser as a service account
4. Generating Personal Access Token (PAT) for the service account.
5. Store the PAT in Azure KeyVault
6. Use that PAT in the Automation Account Runbook to get the latest ARM template from DevOps Repository.

The above method will increase reliance on the on-prem world.

Hi Guys,
added the suggestion as well.
https://feedback.azure.com/forums/246290-automation/suggestions/38653999-setup-devops-sourcecontrol-sync-as-a-azureadapp-se

@omerzubair Thanks for sharing the UserVoice suggestion link here. It would help others who are looking for an update on the same.

At this point it appears that there's no edits or updates needed for the referred Azure documentation in this azure-docs repo GitHub issue so closing this issue for now. If there are further questions regarding this matter or feedback on the documentation, please do let us know and we will gladly continue the discussion.