diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1dcca54100..39ce8f76e62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,7 +68,7 @@ Here is an overview of all new **experimental** features:
 - **General**: Implement Credentials Cache for AWS Roles to reduce AWS API calls ([#5297](https://github.com/kedacore/keda/issues/5297))
 - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830))
 - **General**: Use client-side round-robin load balancing for grpc calls ([#5224](https://github.com/kedacore/keda/issues/5224))
-- **Azure pipeline Scaler**: Add support for workload identity authentication ([#4853](https://github.com/kedacore/keda/issues/4853))
+- **Azure pipeline Scaler**: Add support for workload identity authentication ([#5013](https://github.com/kedacore/keda/issues/5013))
 - **GCP pubsub scaler**: Support distribution-valued metrics and metrics from topics ([#5070](https://github.com/kedacore/keda/issues/5070))
 - **GCP stackdriver scaler**: Support valueIfNull parameter ([#5345](https://github.com/kedacore/keda/pull/5345))
 - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067))
diff --git a/pkg/scalers/azure_pipelines_scaler.go b/pkg/scalers/azure_pipelines_scaler.go
index 9e18685e02d..441e69ec1fc 100644
--- a/pkg/scalers/azure_pipelines_scaler.go
+++ b/pkg/scalers/azure_pipelines_scaler.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
 	"time"
@@ -306,7 +307,7 @@ func parseAzurePipelinesMetadata(ctx context.Context, logger logr.Logger, config
 }
 
 func getPoolIDFromName(ctx context.Context, logger logr.Logger, poolName string, metadata *azurePipelinesMetadata, podIdentity kedav1alpha1.AuthPodIdentity, httpClient *http.Client) (int, error) {
-	urlString := fmt.Sprintf("%s/_apis/distributedtask/pools?poolName=%s", metadata.organizationURL, poolName)
+	urlString := fmt.Sprintf("%s/_apis/distributedtask/pools?poolName=%s", metadata.organizationURL, url.QueryEscape(poolName))
 	body, err := getAzurePipelineRequest(ctx, logger, urlString, metadata, podIdentity, httpClient)
 
 	if err != nil {
@@ -348,7 +349,7 @@ func validatePoolID(ctx context.Context, logger logr.Logger, poolID string, meta
 	return result.ID, nil
 }
 
-func getToken(ctx context.Context, metadata *azurePipelinesMetadata, podIdentity kedav1alpha1.AuthPodIdentity, scope string) (string, error) {
+func getToken(ctx context.Context, metadata *azurePipelinesMetadata, scope string) (string, error) {
 	token, err := metadata.authContext.cred.GetToken(ctx, policy.TokenRequestOptions{
 		Scopes: []string{
 			scope,
@@ -375,7 +376,7 @@ func getAzurePipelineRequest(ctx context.Context, logger logr.Logger, urlString
 	case kedav1alpha1.PodIdentityProviderAzureWorkload:
 		//ADO Resource token
 		logger.V(1).Info("making request to ADO REST API using managed identity")
-		aadToken, err := getToken(ctx, metadata, podIdentity, devopsResource)
+		aadToken, err := getToken(ctx, metadata, devopsResource)
 		if err != nil {
 			return []byte{}, fmt.Errorf("cannot create workload identity credentials: %w", err)
 		}