By default, all administrators can invite new users to their Azure DevOps organization. Disabling this policy prevents Team and Project Administrators from inviting new users. However, Project Collection Administrators (PCAs) can still add new users to the organization regardless of the policy status. Additionally, if a user is already a member of the organization, Project and Team Administrators can add that user to specific projects.
Sign in to your organization (https://dev.azure.com/{yourorganization}).
Select Organization settings.
Under Security, select Policies, and then move the toggle to off.
Now, only Project Collection Administrators can invite new users to Azure DevOps.
Note
Project and Team Administrators can directly add users to their projects through the permissions blade. However, if they attempt to add users through the Add Users button located in the Organization settings > Users section, it's not visible to them.
Adding a user directly through Project settings > Permissions doesn't result in the user appearing automatically in the Organization settings > Users list. For the user to be reflected in the Users list, they must sign in to the system.
In this module, you'll practice how to meet specific business policies by creating relevant policies to disable GIFs, enable the lobby for all external users and disable desktop sharing remote control.
Learn the answers to frequently asked questions (FAQs), like the permissions that are required to manage users and user access, manage Visual Studio subscriptions, and more.