Release NotesMay 20, 2026· 5 min read

Agile Analytics 6.7.0 — Per-seat awareness, signed extension auth, and reliability hardening

v6.7.0 brings the in-product side of the per-seat pricing model we rolled out on the website in May: a soft seat-usage banner appears in the hub when an org is over the limit for its tier, with the existing license remaining fully active. Behind the scenes, every license and telemetry call now travels with a JWT signed by the extension's own certificate (Microsoft's recommended auth model), and a stack of resilience fixes since 6.6.1 — chunk-error recovery on stale tabs, tighter input handling at every license endpoint, and a three-layer migration safety net. Founding / Annual / Monthly customers keep their existing plans byte-for-byte; nothing about your subscription changes.

#release notes#6.7.0#per-seat#pricing#team#business#premium#jwt#auth#security#reliability#azure devops

v6.7.0 is the in-product half of the per-seat pricing transition we announced on the website in mid-May. The biggest change you'll see is a new seat-usage banner that surfaces when an org's distinct active users in the last 30 days exceed its tier limit. The banner is informational — the license stays active, the views keep working — but it gives admins a clear signal that the org is on the wrong tier for its team size. Behind the banner sit two larger, less-visible upgrades: a signed-token authentication model for license and telemetry calls (Microsoft's documented best practice for ADO extensions), and a stack of reliability fixes since 6.6.1. Existing settings are preserved byte-for-byte and no reactivation is required.

What's new

  • Seat-usage banner. Open the hub on an org that has more than its tier's seat allowance active in the last 30 days, and a soft-warning banner appears in Configuration → License. It shows used vs. limit and links to the pricing page. The license is unaffected — every view continues to work, no feature is gated. This is the in-product mirror of the new Team / Business / Premium tiers on the pricing page.
  • Signed-extension authentication. License validation, trial-start, and telemetry calls now carry an Authorization header containing a JWT issued by SDK.getAppToken() — the standard Microsoft-documented signature scheme for ADO extension auth. Customers see no behavior change; the server still trusts the existing per-request fields, with the JWT adding tamper-evidence on top. Pre-6.7.0 clients keep working unchanged.
  • Chunk-error self-recovery. If you have a tab open in the hub during a website deploy, occasional dynamic-import 404s can leave a view in a broken state. 6.7.0 installs a one-time reload handler on ChunkLoadError so the tab self-heals without you noticing.
  • Tighter input handling at license endpoints. /api/licenses/validate, /api/trial/start, and /api/create-checkout-session now coerce non-string body fields at the boundary, so the few crawler / probe requests that send weird payloads return clean 400s instead of opaque 500s.
  • Migration safety net. Three-layer guard around schema migrations following the May 19 incident: pre-flight check, transactional apply, and a post-apply health probe. Customers should never notice this — it's an internal reliability investment.

About the seat-usage banner

Three things worth knowing about how the banner counts seats and what it does (and does not) trigger.

  • "Active in the last 30 days" means distinct ADO user IDs that have opened a view, fired any telemetry event, or completed a license action in that window. Inactive users on the team are not counted. There is no double-counting across views — opening Cycle Time three times in one day is one seat.
  • Tier limits are: Team — 2 seats, Business — 6 seats, Premium — unlimited. Existing Founding, Annual, and Monthly subscribers are grandfathered: the banner does not appear regardless of seat count, and renewals preserve the legacy treatment.
  • The banner is the only behavior change. The license remains active, no view is locked, and no telemetry event is suppressed. It is intentionally a soft signal — if your team has grown past the tier, the next step is to upgrade at your convenience, not a deadline.

About signed-extension authentication

Microsoft's official guidance for ADO extension authentication is to use SDK.getAppToken() to mint a JWT signed by the extension's own certificate, and to verify that JWT on the backend before trusting the request. 6.7.0 implements both sides. The server-side check runs in advisory mode for the rollout — every request is verified and the result logged, but no request is rejected on a verification failure. This protects the legacy 6.6.x cohort still in the Marketplace auto-update queue, who don't yet send the header. Hardening to enforcement mode is a future release.

What this means for your existing settings

Every 6.7.0 change is additive. If you've been running the extension across 6.6.x, here's exactly what the upgrade will and will not change.

  • Workflow Mapping, Item Types, WIP rules, Sprint Alerts, Notifications, SLEs, Access Control, AI, Privacy, and License are all left exactly as you have them. The seat-usage banner is a new piece of UI in the License panel — it does not overwrite anything.
  • Founding, Annual, and Monthly subscribers keep those plans on renewal. There is no migration to a per-seat tier and no banner. The legacy tier flag is enforced server-side, so manual plan tagging (e.g., Qualisflow-style overrides) survives every renewal.
  • If a Configuration setting was customized — added a state, picked a custom item type, configured an alert — that edit is preserved byte-for-byte across this upgrade.
  • All views from 6.6.1 — Process Behavior, Cycle Time Heat Map, Vacanti zones, percentile bands — continue to render exactly as they did. Nothing about the analytical surface changes.

Updating

The extension auto-updates from the Marketplace, so existing customers don't need to do anything. Existing trial and licensed orgs upgrade in place; no reactivation required. The first time you open the hub after the upgrade, the in-product changelog popup will show the v6.7.0 highlights once and then dismiss permanently. New installs can grab v6.7.0 from the Marketplace listing at https://marketplace.visualstudio.com/items?itemName=Baytek.agile-analytics.

Compare your Azure DevOps reporting options before you commit

See how built-in ADO reporting, Power BI, and Marketplace extensions stack up — then start the 30-day trial to evaluate the extension path inside your own organisation.

Compare ToolsStart Free Trial

More in Release Notes

Continue through the category hub to see adjacent problem-aware articles and buying paths.

Open category →

Ready to evaluate plan fit?

Review the org-level pricing, trial flow, and license activation path for your Azure DevOps organisation.

View pricing →

Related reading

Agile Analytics 6.16 — Trial-reminder signup is now automatic

v6.16 removes a step from the trial-reminder signup flow. The prompt previously asked you to retype the email Azure DevOps already knows about you and click Send; v6.16 subscribes that address for you and shows a 60-second visible Undo banner instead. v6.16.1 also removes a duplicate feedback card from the dashboard so there's one clear path to reach us.

Agile Analytics 6.15.6 — Ask Henry, right in the top bar

v6.15.6 is a small UX release that makes it easier to reach us from inside the extension. A persistent 👋 Ask Henry button now lives in the dashboard top bar, and the Help & Support page got reorganised from four cards into three clearly distinct paths: Ask Henry, Book a Call, Rate Us. Same CTA is now on the homepage and pricing page of the website too.