How to adjust or exempt rule "Azure DevOps repositories should require minimum two-reviewer approval for code pushes"

Pieter Jan Coeckelbergh
2024-10-25T07:11:45.6633333+00:00

Hi,

We've recently turned on advanced security in our repos on Azure DevOps and linked it to Defender for Cloud. We're now getting a recommendation on "Azure DevOps repositories should require minimum two-reviewer approval for code pushes" which we would like to exempt or modify to require a minimum of one-reviewer approval.
I'm not seeing an option to exempt this rule and can't find it in Policies.

Is there anyone who can help me with this?

Thank you!

    Bhasker Donthu (Microsoft External Staff)
    2024-10-28T09:05:00.75+00:00

    Hello @Pieter Jan Coeckelbergh,

    Thank you for posting your query on Microsoft Q&A.

    Understood that you are trying to exempt the recommendation from Defender.

    You can modify the exemption for any recommendation in Defender by following the guidelines in this article: https://learn.microsoft.com/en-us/azure/defender-for-cloud/exempt-resource

    Additionally, as you may already know, you can modify the branch policies. Here are the steps for setting up a branch policy:

    • Go to Repos > Branches.
    • Select Branch policies.
    • Under Policies, select Minimum number of reviewers.
    • Set Minimum number of reviewers to 1 and save the changes.


    Microsoft’s best practices recommend multiple reviewers to ensure code quality and reduce vulnerabilities, as lowering the requirement to a single reviewer can introduce security gaps.

    Industry standards like SOC 2, ISO, etc. suggest multi-level reviews for production code integrity. Ignoring Microsoft's recommendation might impact your Defender for Cloud security score. To mitigate this, document the suitability of a one-reviewer policy and consider compensating controls like code scanning or periodic audits to support security and compliance.

    I hope this information is helpful. Please feel free to reach out if you have any further questions. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
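The portal steps in the answer above change one branch at a time. If you decide to keep the two-reviewer bar on some repos and drop to one on others, you will want to see, across the whole project, which branches actually meet it, and the Defender recommendation is only satisfied by a policy that is enabled, blocking and set to at least two approvers. The script below is an added example, not code from the question, the answer or Microsoft; it audits a list of branch policy configurations against that bar and builds the JSON body that raises a branch to it. The records in SAMPLE_CONFIGURATIONS are constructed to mimic what `GET {org}/{project}/_apis/policy/configurations` returns; the field names (`isEnabled`, `isBlocking`, `settings.minimumApproverCount`, `creatorVoteCounts`, `scope[].refName`) and the policy type id for "Minimum number of reviewers" are taken from the Azure DevOps Policy REST API as I know it and should be checked against `_apis/policy/types` in your own organization before relying on them.

```python
"""Audit Azure DevOps branch policies against a two-reviewer bar.

Added example, not code from the Q&A above. All sample data is constructed;
field names and the policy type id are assumptions about the Azure DevOps
Policy REST API and must be verified against your organization.
"""
import json

# Assumed type id of the "Minimum number of reviewers" policy.
MIN_REVIEWERS_TYPE = "fa4e907d-c16b-4a4c-9dfa-4906e5d171dd"
REQUIRED_APPROVERS = 2  # the bar named in the Defender recommendation


def _scope(repo, ref="refs/heads/main"):
    return [{"repositoryId": repo, "refName": ref, "matchKind": "Exact"}]


# Constructed sample: four policy records in three states plus one unrelated type.
SAMPLE_CONFIGURATIONS = [
    {"id": 11, "isEnabled": True, "isBlocking": True,          # meets the bar
     "type": {"id": MIN_REVIEWERS_TYPE},
     "settings": {"minimumApproverCount": 2, "creatorVoteCounts": False,
                  "allowDownvotes": False, "resetOnSourcePush": True,
                  "scope": _scope("repo-a")}},
    {"id": 12, "isEnabled": True, "isBlocking": True,          # the asker's target: 1 reviewer
     "type": {"id": MIN_REVIEWERS_TYPE},
     "settings": {"minimumApproverCount": 1, "creatorVoteCounts": False,
                  "allowDownvotes": False, "resetOnSourcePush": True,
                  "scope": _scope("repo-b")}},
    {"id": 13, "isEnabled": False, "isBlocking": True,         # 2 on paper, but off and self-approvable
     "type": {"id": MIN_REVIEWERS_TYPE},
     "settings": {"minimumApproverCount": 2, "creatorVoteCounts": True,
                  "allowDownvotes": False, "resetOnSourcePush": False,
                  "scope": _scope("repo-c")}},
    {"id": 14, "isEnabled": True, "isBlocking": True,          # some other policy type; ignored
     "type": {"id": "other-policy-type"},
     "settings": {"scope": _scope("repo-a")}},
]


def reviewer_findings(configurations, required=REQUIRED_APPROVERS):
    """One finding per branch scope whose min-reviewer policy falls short.

    A policy only counts if it is enabled and blocking; creatorVoteCounts
    weakens it because the PR author can supply one of the approvals.
    """
    findings = []
    for cfg in configurations:
        if cfg.get("type", {}).get("id") != MIN_REVIEWERS_TYPE:
            continue
        s = cfg.get("settings", {})
        reasons = []
        if not cfg.get("isEnabled"):
            reasons.append("policy disabled")
        if not cfg.get("isBlocking"):
            reasons.append("policy not blocking (advisory only)")
        count = s.get("minimumApproverCount", 0)
        if count < required:
            reasons.append(f"minimumApproverCount={count} < {required}")
        if s.get("creatorVoteCounts"):
            reasons.append("author's own vote counts toward the minimum")
        if not reasons:
            continue
        for scope in s.get("scope", []):
            findings.append({"policy_id": cfg["id"], "repository": scope["repositoryId"],
                             "branch": scope["refName"], "reasons": list(reasons)})
    return findings


def uncovered_branches(configurations, branches):
    """Branches (repo, ref) with no min-reviewer policy record at all."""
    covered = {(sc["repositoryId"], sc["refName"])
               for cfg in configurations if cfg.get("type", {}).get("id") == MIN_REVIEWERS_TYPE
               for sc in cfg.get("settings", {}).get("scope", [])}
    return [b for b in branches if b not in covered]


def build_policy_payload(repository_id, ref_name="refs/heads/main", minimum=REQUIRED_APPROVERS):
    """Body for POST .../_apis/policy/configurations that enforces the bar.

    Self-approval is disabled and approvals reset on new pushes so a late
    commit cannot ride in on earlier votes (assumed field names, see above).
    """
    return {"isEnabled": True, "isBlocking": True,
            "type": {"id": MIN_REVIEWERS_TYPE},
            "settings": {"minimumApproverCount": minimum, "creatorVoteCounts": False,
                         "allowDownvotes": False, "resetOnSourcePush": True,
                         "scope": _scope(repository_id, ref_name)}}


if __name__ == "__main__":
    for f in reviewer_findings(SAMPLE_CONFIGURATIONS):
        print(f"{f['repository']} {f['branch']}: " + "; ".join(f["reasons"]))
    wanted = [("repo-a", "refs/heads/main"), ("repo-d", "refs/heads/main")]
    print("no policy at all:", uncovered_branches(SAMPLE_CONFIGURATIONS, wanted))
    print(json.dumps(build_policy_payload("repo-b"), indent=2))
```

Run it against the real output by replacing SAMPLE_CONFIGURATIONS with the parsed JSON from the configurations endpoint for each project. The same policy can also be set from the Azure CLI's azure-devops extension with `az repos policy approver-count create --minimum-approver-count 2 --blocking true --enabled true ...` for the repository and branch in question. If you do settle on one reviewer, the script gives you the inventory of branches to list in the exemption's justification, which is what the exempt-resource article asks for.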

