Edgio CDN for Azure DevOps retirement completed

Steve Danielson · Steve Danielson · commit b6befd6dec87 · 2025-06-12T10:15:13.000-04:00
diff --git a/docs/managed-devops-pools/configure-networking.md b/docs/managed-devops-pools/configure-networking.md
@@ -1,7 +1,7 @@
 ---
 title: Configure networking
 description: Learn how to configure networking for Managed DevOps Pools.
-ms.date: 06/04/2025
+ms.date: 06/12/2025
 ---
 
 # Configure Managed DevOps Pools networking
@@ -149,7 +149,7 @@ If you have systems in place on your network (NSG, Firewall, etc.) that restrict
    * `rmprodbuilds.azureedge.net` - Used to download the Managed DevOps Pools worker binaries and startup scripts. (The agent portion of the worker binaries is downloaded from `rm-agent.prod.manageddevops.microsoft.com` (formerly downloaded from `agent.prod.manageddevops.microsoft.com`) which is covered by the previous required `*.prod.manageddevops.microsoft.com` entry.)
    * `*.queue.core.windows.net` - Worker queue for communicating with Managed DevOps Pools service.
 * Required Endpoints for connecting to Azure DevOps - without allowlisting these endpoints, machines may come online and even go to an "allocated" state, but will fail to communicate with ADO as either the VSTS task agent can't connect, or it can't start.
-   * `vstsagentpackage.azureedge.net` and `download.agent.dev.azure.com` - Azure DevOps agent CDN location, used to download Azure DevOps agent
+   * `download.agent.dev.azure.com` - Azure DevOps agent CDN location, used to download Azure DevOps agent
    * `dev.azure.com` - Required to handle communication with Azure DevOps
    *  Preparing Linux machines - these endpoints are required to spin up Ubuntu machines, but are not necessary if a pool is only using Windows. As part of setting up the Azure DevOps Task agent, a few required packages are added and an apt-get is run, which will fail without these being allowlisted.
       * `azure.archive.ubuntu.com` - Provisioning Linux machines - this is HTTP (port 80), not HTTPS (port 443)
diff --git a/docs/organizations/security/allow-list-ip-url.md b/docs/organizations/security/allow-list-ip-url.md
@@ -8,7 +8,7 @@ ms.reviewer: jominana
 ms.author: chcomley
 author: chcomley
 monikerRange: '<= azure-devops'
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 ---
 
 # Allowed IP addresses and domain URLs
@@ -253,8 +253,7 @@ https://{organization_name}.vstmr.visualstudio.com
 https://{organization_name}.pkgs.visualstudio.com
 https://{organization_name}.vssps.visualstudio.com
 
-Azure DevOps uses the following URLs to provide the agent software for download for self-hosted agents.
-https://vstsagentpackage.azureedge.net
+Azure DevOps uses the following URL to provide the agent software for download for self-hosted agents.
 https://download.agent.dev.azure.com
 
 Azure DevOps uses content delivery network (CDN) to serve static content. The following URLs are part of that. 
@@ -300,7 +299,7 @@ We recommend you open port `443` to all traffic on the following IP addresses an
 |https://cdn.vsassets.io    | Hosts Azure DevOps Content Delivery Networks (CDNs) content        |
 |https://static2.sharepointonline.com    | Hosts some resources that Azure DevOps uses in "office fabric" UI kit for fonts, and so on        |
 |https://vsrm.dev.azure.com   | Hosts releases        |
-|https://vstsagentpackage.azureedge.net<br>https://download.agent.dev.azure.com      |  Required to set up self-hosted agent in machines within your network              |
+|https://download.agent.dev.azure.com      |  Required to set up self-hosted agent in machines within your network              |
 |https://amp.azure.net   | Needed for deploying to Azure app service           |
 |https://go.microsoft.com  | Accesses go links        |
 
@@ -351,7 +350,7 @@ For more information about hosted Windows, Linux, and macOS agents, see [Microso
 If you're running a firewall and your code is in Azure Repos, see [Self-hosted Linux agents FAQs](../../pipelines/agents/linux-agent.md#im-running-a-firewall-and-my-code-is-in-azure-repos-what-urls-does-the-agent-need-to-communicate-with), [Self-hosted macOS agents FAQs](../../pipelines/agents/osx-agent.md#im-running-a-firewall-and-my-code-is-in-azure-repos-what-urls-does-the-agent-need-to-communicate-with) or [Self-hosted Windows agents FAQs](../../pipelines/agents/windows-agent.md#im-running-a-firewall-and-my-code-is-in-azure-repos-what-urls-does-the-agent-need-to-communicate-with). This article has information about which domain URLs and IP addresses your private agent needs to communicate with.
 
 > [!IMPORTANT]
-> [Edgio CDN for Azure DevOps is being retired](https://devblogs.microsoft.com/devops/important-switching-cdn-providers/), which requires a new domain URL to be allow-listed in firewall rules for agent software download.
+> [Edgio CDN for Azure DevOps was retired](https://devblogs.microsoft.com/devops/important-switching-cdn-providers/), which required a new domain URL to be allow-listed in firewall rules for agent software download.
 > The new domain to allow-list for agent download is `https://*.dev.azure.com`. If your firewall rules don't allow wildcards, use `https://download.agent.dev.azure.com`.
 > 
 > The Azure DevOps team recommends to make this change by the following date:
diff --git a/docs/pipelines/agents/includes/v2/qa-firewall.md b/docs/pipelines/agents/includes/v2/qa-firewall.md
@@ -4,7 +4,7 @@ ms.service: azure-devops-pipelines
 ms.manager: mijacobs
 ms.author: sdanie
 author: steved0x
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 ---
 
 ### I'm running a firewall and my code is in Azure Repos. What URLs does the agent need to communicate with?
@@ -30,7 +30,7 @@ If you're running an agent in a secure network behind a firewall, make sure the
 | `https://dev.azure.com`                              | For organizations using the `dev.azure.com` domain                                     |
 | `https://login.microsoftonline.com`                  | Microsoft Entra sign-in                                                         |
 | `https://management.core.windows.net`                | Azure Management APIs                                                                 |
-| `https://vstsagentpackage.azureedge.net`<br>`https://download.agent.dev.azure.com`             | Agent package                                                                          |
+| `https://download.agent.dev.azure.com`             | Agent package                                                                          |
 
 
 To ensure your organization works with any existing firewall or IP restrictions, ensure that `dev.azure.com` and `*dev.azure.com` are open and update your allow-listed IPs to include the following IP addresses, based on your IP version. If you're currently allow-listing the `13.107.6.183` and `13.107.9.183` IP addresses, leave them in place, as you don't need to remove them.
diff --git a/docs/pipelines/agents/includes/v2/web-proxy-bypass.md b/docs/pipelines/agents/includes/v2/web-proxy-bypass.md
@@ -4,7 +4,7 @@ ms.service: azure-devops-pipelines
 ms.manager: mijacobs
 ms.author: sdanie
 author: steved0x
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 ---
 
 ### How do I configure the agent to bypass a web proxy and connect to Azure Pipelines?
@@ -30,7 +30,6 @@ https://dev.azure.com
 https://*.dev.azure.com
 https://login.microsoftonline.com
 https://management.core.windows.net
-https://vstsagentpackage.azureedge.net
 https://download.agent.dev.azure.com
 https://vssps.dev.azure.com
 ```
diff --git a/docs/pipelines/agents/includes/v3/qa-firewall.md b/docs/pipelines/agents/includes/v3/qa-firewall.md
@@ -4,7 +4,7 @@ ms.service: azure-devops-pipelines
 ms.manager: mijacobs
 ms.author: sdanie
 author: steved0x
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 ---
 
 ### I'm running a firewall and my code is in Azure Repos. What URLs does the agent need to communicate with?
@@ -30,10 +30,10 @@ If you're running an agent in a secure network behind a firewall, make sure the
 | `https://dev.azure.com`                              | For organizations using the `dev.azure.com` domain                                     |
 | `https://login.microsoftonline.com`                  | Microsoft Entra sign-in                                                         |
 | `https://management.core.windows.net`                | Azure Management APIs                                                                 |
-| `https://vstsagentpackage.azureedge.net`<br>`https://download.agent.dev.azure.com`             | Agent package                                                                          |
+| `https://download.agent.dev.azure.com`             | Agent package                                                                          |
 
 > [!IMPORTANT]
-> [Edgio CDN for Azure DevOps is being retired](https://devblogs.microsoft.com/devops/important-switching-cdn-providers/), which requires a new domain URL to be allow-listed in firewall rules for agent software download.
+> [Edgio CDN for Azure DevOps was retired](https://devblogs.microsoft.com/devops/important-switching-cdn-providers/), which requires a new domain URL to be allow-listed in firewall rules for agent software download.
 > The new domain to allow-list for agent download is `https://*.dev.azure.com`. If your firewall rules don't allow wildcards, use `https://download.agent.dev.azure.com`.
 > 
 > The Azure DevOps team recommends to make this change by the following date:
diff --git a/docs/pipelines/agents/includes/v3/web-proxy-bypass.md b/docs/pipelines/agents/includes/v3/web-proxy-bypass.md
@@ -4,7 +4,7 @@ ms.service: azure-devops-pipelines
 ms.manager: mijacobs
 ms.author: sdanie
 author: steved0x
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 ---
 
 ### How do I configure the agent to bypass a web proxy and connect to Azure Pipelines?
@@ -30,7 +30,6 @@ https://dev.azure.com
 https://*.dev.azure.com
 https://login.microsoftonline.com
 https://management.core.windows.net
-https://vstsagentpackage.azureedge.net
 https://download.agent.dev.azure.com
 https://vssps.dev.azure.com
 ```
diff --git a/docs/pipelines/agents/scale-set-agents.md b/docs/pipelines/agents/scale-set-agents.md
@@ -6,7 +6,7 @@ ms.custom: devx-track-azurecli, arm2024
 ms.manager: mijacobs
 ms.author: sdanie
 author: steved0x
-ms.date: 04/02/2025
+ms.date: 06/12/2025
 monikerRange: azure-devops
 ---
 
@@ -543,7 +543,7 @@ This issue occurs because agent extension scripts attempt to create the user `Az
 
 #### Agent extension installation fails on scale set instances due to network security and firewall configurations
 
-The extension needs to be able to download the build agent files from `https://vstsagentpackage.azureedge.net/agent` and `https://download.agent.dev.azure.com`, and the build agent needs to be able to register with Azure DevOps Services. Make sure that this URL and Azure DevOps Services-related IPs and URLs are open on the instance. For IPs and URLs that need to be unblocked on your firewall, see [Allowed IP addresses and domain URLs](/azure/devops/organizations/security/allow-list-ip-url).
+The extension needs to be able to download the build agent files from `https://download.agent.dev.azure.com`, and the build agent needs to be able to register with Azure DevOps Services. Make sure that this URL and Azure DevOps Services-related IPs and URLs are open on the instance. For IPs and URLs that need to be unblocked on your firewall, see [Allowed IP addresses and domain URLs](/azure/devops/organizations/security/allow-list-ip-url).
 
 #### Why does my scale set agent configuration script call Add-MpPreference and configure Windows Defender on the agent?
 
