How to regenerate DevOps Personal Access Token (PAT)

  • Last update on July 6th, 2026

Configuration Manager uses an Azure DevOps Personal Access Token (PAT) to authenticate with the organization’s Azure DevOps resources. If the token expires or is revoked, sync and pipeline operations can fail. This article explains how to identify when the token requires attention and how to regenerate it from the app.


DevOps token expiration warning

If DevOps access is scheduled to be revoked within the next 2 months, an orange banner appears at the top of the app.

This banner is an early warning that allows the token to be renewed before pipelines or sync jobs start failing.


Regenerate the DevOps token

Regenerating the DevOps token in the Configuration Manager app requires permission to edit projects in Azure DevOps. Otherwise, the operation fails.

 

Follow these steps in the app:

  1. Locate the banner at the top of the screen. It appears when DevOps access will be revoked within 2 months.
  2. Click the “Settings” icon on the banner. This opens “Organization settings”.
  3. Click “Regenerate DevOps token”.
  4. Wait for the regeneration to complete successfully. The banner is then removed automatically.

No further action is required in the app after the banner disappears.

Organization settings > Regenerate DevOps token

Error shown in the app

If the DevOps token has already expired, a red banner appears in the app with the following error:

Siemon-Onboarding-E2E: DevOps token has been revoked. Regenerate it now.

What this means: the DevOps PAT used by the organization is no longer valid.

What to do:

  1. Go to “Organization settings” using the “Settings” icon in the red banner or, alternatively, open “Organization settings” from the profile dropdown menu.
  2. Click “Regenerate DevOps token”.
  3. Retry the operation that failed.

Error shown in Azure DevOps

If a pipeline fails while trying to access a private Azure Artifacts feed or another Azure DevOps resource, review the pipeline logs.

A common sign that the DevOps token has already expired is a 401 (Unauthorized) error, for example:

Unable to load the service index for source https://pkgs.dev.azure.com/.../nuget/v3/index.json.
Response status code does not indicate success: 401 (Unauthorized).

What this means: the DevOps PAT used by the organization is no longer valid.

What to do:

  1. Open the Configuration Manager app.
  2. Go to “Organization settings” using the banner “Settings” icon or, if the banner is no longer displayed, open “Organization settings” from the profile dropdown menu.
  3. Click “Regenerate DevOps token”.
  4. Run the failed Azure DevOps pipeline again after the token has been regenerated.

Further troubleshooting

If the token is regenerated but the banner remains, or if 401 (Unauthorized) errors continue to appear in Azure DevOps, contact Support.