-1

I have a batch job on a (windows 10) machine that runs every night. A part of the job is to do a "tf get /login:[PAT]". This works for a couple of days after which it fails with "you are not authorized to access". Basically what happens is, after some days the PAT alone doesn't work anymore and the "password prompt" window gets displayed. As nobody is monitoring this job, nobody enters anything and the window times out after some time and tf access is denied.

If, after the failure, i run this job manually and enter the correct credentials into the login window (and also authorize the access on my phone, because the underlying account is protected by 2fa), everything starts working again, for a couple of days.

What do i need to do in order to make this run w/o the need for a manual intervention?

Thomas Woelfer
  • 533
  • 5
  • 21

1 Answers1

0

I don't think we can make it automate permanently if you have set auth policies, generally it will ask to reauthenticate every few days based on your policy settings.

For the PAT, it also has an expiration, even though we can define the expiration date a bit longer (Can be set to a maximum of one year).

Andy Li-MSFT
  • 28,712
  • 2
  • 33
  • 55
  • So how does the build server do it? We are running a local build server where i have never have to login manually. It get's the sources every day from vsonline. Any ideas? – Thomas Woelfer Mar 11 '22 at 08:59
  • I have not set any policy, so i guess what i see are the defaults. Where do i change those? (It would be helpful just to be able to extend this from 7 to 30 days). I have found this ( https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime) - but this doesn't seem to apply here: in my azure portal the whole thing is disabled; i cannot "add" a new policy and the page says i have none. – Thomas Woelfer Mar 15 '22 at 10:41