There’s a new version and a new task for our release pipelines that use the Azure-hosted agents. These changes have been introduced recently to support the new MSAL authentication libraries for the LCS service connection used to upload and deploy the deployable packages.
The current service connections use Azure Active Directory (Azure AD) Authentication Library (ADAL), and support for ADAL will end in June 2022.
This means that if we don’t update the Asset Upload and Asset Deployment to their new versions (1.* and 2.* respectively) the release pipelines could stop working after 30th June 2022.
I’d like to thank Joris de Gruyter for the tip, otherwise I couldn’t have written this post 😛
New MSAL task
If you don’t add this task to your pipeline, you’ll get the error: [error]The specified module ‘MSAL.PS’ was not loaded because no valid module file was found in any module directory.
There’s also a new task to add the support for MSAL authentication. This task will install the MSAL PowerShell libraries in your Microsoft-hosted agent, and you need to add it before any other task authenticates. Like this:
The task has no parameters or options that need to be filled, just add it to your release pipeline, and you’re done.
If you’ve got a multi-stage release pipeline, you have to add this new task to each stage where there’s an authentication step. For example, if you have a first stage that uploads the DP to LCS, and then another one that deploys it and doesn’t have the task, it will fail. This is at least true in projects with additional agents, I need to try it with a single agent project.
New Asset Upload and Deploy versions
To support the new MSAL authentication, the dev tools team at Microsoft have published new versions of both tasks.
Asset Upload
If you change the version of the Asset Upload task from 0.* to 1.* you’ll see no changes. The fields in the task are the same, but it will use MSAL as the new authentication method.
But wait, just changing the version won’t be enough, you need to create a new service connection to LCS because the authentication endpoint has changed to https://login.microsoftonline.com/organizations. This endpoint will be the one used, from now on, in all versions, the old ones and the new.
Here you can see the old service connection endpoint:
And the new one:
Caution! If you’re using any of the LCS geos, like Europe, Norway, South Africa, etc. the endpoints need to reflect that as described in the table:
| Geography | Lifecycle Services portal | Lifecycle Services API endpoint | Environment URL |
|---|---|---|---|
| United States | https://lcs.dynamics.com/ | https://lcsapi.lcs.dynamics.com | https://NAME.operations.dynamics.com/ |
| Europe | https://eu.lcs.dynamics.com/ | https://lcsapi.eu.lcs.dynamics.com | https://NAME.operations.eu.dynamics.com/ |
| France | https://fr.lcs.dynamics.com/ | https://lcsapi.fr.lcs.dynamics.com | https://NAME.operations.fr.dynamics.com/ |
| Norway | https://no.lcs.dynamics.com/ | https://lcsapi.no.lcs.dynamics.com | https://NAME.operations.no.dynamics.com/ |
| South Africa | https://sa.lcs.dynamics.com/ | https://lcsapi.sa.lcs.dynamics.com | https://NAME.operations.sa.dynamics.com/ |
| Switzerland | https://ch.lcs.dynamics.com/ | https://lcsapi.ch.lcs.dynamics.com | https://NAME.operations.ch.dynamics.com/ |
| United Arab Emirates | https://uae.lcs.dynamics.com/ | https://lcsapi.uae.lcs.dynamics.com | https://NAME.operations.uae.dynamics.com/ |
Asset Deployment
In the Asset Deployment task we now see three versions: 0.* which was the original one, 1.* which is the one that enabled support for self-service environments, and 2.* which is the new task that supports MSAL authentication.
If you’ve already created the service connection in the previous step, just change it to use the new one.
And what about self-hosted agents (build VM)?
I’m not sure. But probably just installing the MSAL.PS PowerShell library in your build VM will be enough, if it’s not there already.
