Update Azure DevOps Oauth configuration instructions (#3036)

* Update Azure DevOps Oauth configuration instructions

* Update modules/administration-guide/partials/proc_setting-up-the-microsoft-azure-devops-services-oauth-app.adoc

Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com>

* Update modules/administration-guide/partials/proc_setting-up-the-microsoft-azure-devops-services-oauth-app.adoc

Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com>

* Update modules/administration-guide/partials/proc_applying-the-microsoft-azure-devops-services-oauth-app-secret.adoc

Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com>

* Update modules/administration-guide/partials/proc_applying-the-microsoft-azure-devops-services-oauth-app-secret.adoc

Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com>

* fixup! Update modules/administration-guide/partials/proc_applying-the-microsoft-azure-devops-services-oauth-app-secret.adoc

---------

Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com>

Author: vinokurig

modules/administration-guide/pages/configuring-oauth-2-for-microsoft-azure-devops-services.adoc

@@ -13,13 +13,13 @@ To enable users to work with a remote Git repository that is hosted on Microsoft
 
 pass:[<!-- vale RedHat.Spelling = YES -->]
 
-. Set up the Microsoft Azure DevOps Services OAuth App (OAuth 2.0).
-. Apply the Microsoft Azure DevOps Services OAuth App Secret.
+. Set up an application in Microsoft Entra ID.
+. Apply the Microsoft Entra ID App Secret.
 
-[IMPORTANT]
-OAuth 2.0 isn't supported on Azure DevOps Server, see link:https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops[the documentation page].
-[IMPORTANT]
-Azure DevOps OAuth 2.0 is deprecated and no longer accepts new registrations, with full deprecation planned for 2026. See link:https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops[the documentation page].
+[NOTE]
+====
+Microsoft Entra ID replaces the deprecated Azure DevOps OAuth 2.0 application, which no longer accepts new registrations. If you have an existing Azure DevOps OAuth app, migrate to Microsoft Entra ID.
+====
 
 include::partial$proc_setting-up-the-microsoft-azure-devops-services-oauth-app.adoc[leveloffset=+1]
 

modules/administration-guide/partials/proc_applying-the-microsoft-azure-devops-services-oauth-app-secret.adoc

@@ -1,20 +1,21 @@
 :_content-type: PROCEDURE
-:description: Applying the Microsoft Azure DevOps Services OAuth App Secret
-:keywords: microsoft-azure-devops-services-oauth-app, apply, secret
-:navtitle: Applying the Microsoft Azure DevOps Services OAuth App Secret
+:description: Applying the Microsoft Entra ID OAuth App Secret
+:keywords: microsoft-azure-devops-entra-id-oauth-app, apply, secret
+:navtitle: Applying the Microsoft Entra ID OAuth App Secret
 // :page-aliases:
 
-[id="applying-the-microsoft-azure-devops-services-oauth-app-secret"]
-= Applying the Microsoft Azure DevOps Services OAuth App Secret
+[id="applying-the-microsoft-entra-id-oauth-app-secret"]
+= Applying the Microsoft Entra ID OAuth App Secret
 
-Prepare and apply the Microsoft Azure DevOps Services Secret.
+Prepare and apply the Secret that enables {prod-short} to authenticate with Microsoft Entra ID for Azure DevOps repository access.
 
 .Prerequisites
 
-* Setting up the Microsoft Azure DevOps Services OAuth App is completed.
+* You have set up the Microsoft Entra ID OAuth App.
 
-* The following values, which were generated when setting up the Microsoft Azure DevOps Services OAuth App, are prepared:
-** *App ID*
+* The following values, which were generated when setting up the Microsoft Entra ID OAuth App, are prepared:
+** *Application (client) ID*
+** *Directory (tenant) ID*
 ** *Client Secret*
 
 * An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.
@@ -37,12 +38,14 @@ metadata:
     che.eclipse.org/oauth-scm-server: azure-devops
 type: Opaque
 stringData:
-  id: __<Microsoft_Azure_DevOps_Services_OAuth_App_ID>__# <2>
-  secret: __<Microsoft_Azure_DevOps_Services_OAuth_Client_Secret>__# <3>
+  tenant-id: __<Microsoft_Entra_ID_Tenant_ID>__# <2>
+  id: __<Microsoft_Entra_ID_App_ID>__# <3>
+  secret: __<Microsoft_Entra_ID_Client_Secret>__# <4>
 ----
 <1> The {prod-short} namespace. The default is `{prod-namespace}`.
-<2> The Microsoft Azure DevOps Services OAuth *App ID*.
-<3> The Microsoft Azure DevOps Services OAuth *Client Secret*.
+<2> The Microsoft Entra ID *Directory (tenant) ID*.
+<3> The Microsoft Entra ID *Application (client) ID*.
+<4> The Microsoft Entra ID *Client Secret*.
 
 . Apply the Secret:
 +

modules/administration-guide/partials/proc_setting-up-the-microsoft-azure-devops-services-oauth-app.adoc

@@ -1,15 +1,15 @@
 :_content-type: PROCEDURE
-:description: Setting up the Microsoft Azure DevOps Services OAuth App
+:description: Setting up the Microsoft Entra ID OAuth App
 :keywords: azure, devops, oauth
-:navtitle: Setting up the Microsoft Azure DevOps Services OAuth App
+:navtitle: Setting up the Microsoft Entra ID OAuth App
 // :page-aliases:
 
 pass:[<!-- vale RedHat.TermsWarnings = NO -->]
 
-[id="setting-up-the-microsoft-azure-devops-services-oauth-app"]
-= Setting up the Microsoft Azure DevOps Services OAuth App
+[id="setting-up-the-microsoft-entra-id-oauth-app"]
+= Setting up the Microsoft Entra ID OAuth App
 
-Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.
+Set up a Microsoft Entra ID OAuth App to enable {prod-short} users to interact with Azure DevOps Git repositories without re-entering credentials.
 
 .Prerequisites
 
@@ -23,24 +23,11 @@ Set up a Microsoft Azure DevOps Services OAuth App using OAuth 2.0.
 
 .Procedure
 
-. Visit link:https://app.vsaex.visualstudio.com/app/register/[].
-
-. Enter the following values:
-
-.. *Company name*: `{prod-short}`
-.. *Application name*: `{prod-short}`
-.. *Application website*: `pass:c,a,q[{prod-url}]/`
-.. *Authorization callback URL*: `pass:c,a,q[{prod-url}]/api/oauth/callback`
-
-. In *Select Authorized scopes*, select *Code (read and write)*.
-
-. Click *Create application*.
-
-. Copy and save the *App ID* for use when applying the Microsoft Azure DevOps Services OAuth App Secret.
-
-. Click *Show* to display the *Client Secret*.
-
-. Copy and save the *Client Secret* for use when applying the Microsoft Azure DevOps Services OAuth App Secret.
+. Register an application in Microsoft Entra ID. See link:https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app[Register an application].
+. Add the *Authorization callback URL* `pass:c,a,q[{prod-url}]/api/oauth/callback` to your application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-redirect-uri[Add a redirect URI].
+. Add a client secret to your application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret[Add credentials].
+. Add the Azure DevOps `vso.code_write` permission to the client application. See link:https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#add-permissions-to-access-your-web-api[Add permissions to access your web API].
+. Connect your Azure DevOps organization to Microsoft Entra ID. See link:https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/connect-organization-to-azure-ad?view=azure-devops#connect-your-organization-to-microsoft-entra-id-1[Connect your organization to Microsoft Entra ID].
 
 pass:[<!-- vale RedHat.TermsWarnings = YES -->]