Project management and navigation glossary

Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019

This glossary describes terms used when navigating in the web portal for Azure DevOps. See also the Agile glossary.


An interactive list of work items that corresponds to a team's project plan or roadmap for what the team plans to deliver. The product backlog supports prioritizing work, forecasting work by sprints, and quickly linking work to portfolio backlog items. You can define your backlog items and then manage their status using the board.

Teams can customize each backlog. For more information, see Create your backlog.

Analytics views

Analytics views provide a simplified way to specify the filter criteria for a Power BI report based on the Analytics service. The Analytics service is the reporting platform for Azure DevOps Services.

Area path

Area paths are used to group work items by team, product, or feature area. Iteration paths are used to group work into sprints, milestones, or other event-specific or time-related periods. You can use area paths to define a hierarchy of paths. To learn more, see About area and iteration paths.

Audit log

Audit logs contain many changes that occur throughout an Azure DevOps organization. Changes occur when a user or service identity within the organization edits the state of an artifact, including changes to permissions. For more information, see Access, export, and filter audit logs.


Authentication verifies a user's identify based on the credentials provided when they sign into an organization in Azure DevOps. These services/servers typically integrate with and rely upon the security features provided by services such as Active Directory or Microsoft Entra ID. For more information, see About security, authentication, and authorization.


Authorization is the operation that's performed to verify that the identity that's attempting to connect to a service or server instance has the necessary permissions to access a service, feature, function, object, or method. For more information, see About security, authentication, and authorization.


An interactive, electronic sign board that supports visualization of the flow of work from concept to completion and lean methods. Learn more: Board overview.


A collection is a container for a number of projects in Azure DevOps. A default collection is created when you sign up with Azure DevOps Services or install Team Foundation Server. Within Azure DevOps Services, a collection corresponds to an organization. For on-premises TFS deployments, you can add and manage collections to specify the logical and physical resources available to the projects within the collection.

Learn more: About projects and scaling your organization, Manage organizations or Manage project collections in Team Foundation Server.

Conditional access

Conditional access provides support for securing Azure DevOps resources backed by a Microsoft Entra tenant. For example, you can enable multifactor authentication to help protect against the risk of compromised credentials. For more information, see Manage conditional access to Azure DevOps.


Dashboards are user-configurable interactive signboards that provide real-time information. Dashboards are associated with a team and display configurable widgets to show information. To learn more, see Add and manage dashboards.


Extensions are simple add-ons that are used to customize and extend the DevOps experience of Azure DevOps. They're written with standard technologies—HTML, JavaScript, CSS—and can be developed using your preferred development tools. Hundreds of extensions are available from the Visual Studio Marketplace, Azure DevOps tab.


Tagging an object as a favorite is a method used to support quick navigation by yourself or other team members. You can tag work item queries and build definitions as personal and team favorites. Other objects you can tag as a favorite for yourself only include code branches, delivery plans, test plans, and teams or projects. To learn more, see Set personal or team favorites.


Tagging specific work items or pull requests to follow them is a method used to receive email updates about changes that are made to them. To learn more, see Follow a work item or pull request.

Git repository

A Git repository supports a distributed version control system for tracking changes, reviewing contributions to the code, and more. Each developer has a copy of the source repository on their dev machine. You can add multiple Git repositories to a project. Learn more: Git Repositories.


Git in Visual Studio and Azure DevOps Services is standard Git. You can use Visual Studio with third-party Git services, and you can also use third-party Git clients with Azure DevOps Services.


Permissions that aren't directly allowed or denied for a user, might be inherited. For more information, see Get started with permissions, access, and security groups.

Microsoft Authentication Library

The Microsoft Authentication Library (MSAL) enables application developers to acquire tokens from the Microsoft identity platform to authenticate users and access secured web APIs. It can be used to provide secure access to Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL supports many different application architectures and platforms including .NET, JavaScript, Java, Python, Android, and iOS. For more information, see the Overview of Microsoft Authentication Library.


Each family of Azure DevOps resources (work items, Git repositories, etc.) is secured using a different namespace. Each security namespace contains zero or more ACLs. Each ACL contains a token, an inherit flag, and a set of zero or more ACEs. Each ACE contains an identity descriptor, an allowed permissions bitmask, and a denied permissions bitmask.

For a list of Azure DevOps namespaces, see Security namespace and permission reference.


With notifications, you receive an email when changes occur to work items, code reviews, pull requests, source control files, and builds. For example, you can get notified whenever a bug that you opened is resolved, or when a work item is assigned to you. You receive notifications based on rules or subscriptions made by you, for your teams, or for the project. Learn more: About notifications.


OAuth 2.0 is an industry-standard protocol for authorization. OAuth 2.0 is supported for Azure DevOps Services to authenticate REST APIs. For more information, see Authorize access to REST APIs with OAuth 2.0.

Organization owner

The person who created the organization or was later assigned as the organization owner. The organization owner has access to all Azure DevOps features and functions, and can grant access to others to features and functions. To look up or change organization owner, see Change the organization owner.

Personal Access Token (PAT)

Personal access tokens (PATs) are alternate passwords that you can use to authenticate into Azure DevOps. To learn how to create and revoke PATs, see Authenticate access with personal access tokens.


The assignment made to a user or group to use a feature or function. Permissions are assigned to default security groups. For more information, see Get started with permissions, access, and security groups.

Permission state

The state assigned to a feature or function to a user's or group's permission. Users have permission to access a feature if their permission is set to Allow, Inherited Allow, or System Allow. They don't have permission when the state is set to Deny, Inherited deny, System deny, or Not set. For more information, see Get started with permissions, access, and security groups.


Pipelines are artifacts that you define to run concurrent builds or deploy concurrent releases. Two types of pipelines are supported, private, and hosted. To learn more, see CI/CD concurrent jobs.

Pipeline concept end-to-end

Plans (also known as delivery plans)

A plan is a configurable view that displays work from multiple teams and projects laid out within a calendar based on each team's iterations. Each row in the view represents the work from a team's product or portfolio backlog. Each card corresponds to a work item, such as user story, feature, or epic. To learn more, see Review team delivery plans.


A process defines the building blocks of a work-tracking system. To customize a process, you first create an inherited process from one of the default system processes, Agile, Scrum, or CMMI. All projects that use the process see the changes you make. To learn more, see About process customization and inherited processes.


A project, which was previously known as a team project, provides a repository for source code. A project provides a place where a group of people can plan, track progress, and collaborate on building software solutions. A project is defined for an Azure DevOps Services organization or within a TFS project collection. You can use it to focus on those objects defined within the project. To learn more, see About projects and scaling your organization.

Public projects

A project created within an Azure DevOps Services organization that is visible to the whole world. Everyone in the world can discover them and perform limited operations. You can use the Azure DevOps CLI to discover a list of projects. Administrators can control who gets to fully contribute. Administrators can switch a project from private to public, and vice-versa, as described in Change the project visibility.


Queries are used to find and list work items. Queries support managed searches, which are used to triage work, versus ad-hoc searches, which are used to find a specific work item. Flat-list queries also support status and trend charts. To learn more, see About managed queries.


A source control folder or container you configure to help you track file changes in. You can have any number of repositories on your computer, each stored in their own folder. Each repository is independent, so changes saved in one repository don't affect the contents of another. Learn more: Create a new Git repo.

Role-based permissions

A security model that limits actions based on membership within a role and permissions assigned to that role. For more information, see Role-based permissions.

Security group

A method by which you can organize users and other domain objects to simplify administration of permissions and access. Azure DevOps supports many default security groups and the ability to create custom groups. For more information, see Get started with permissions, access, and security groups.

Service account

An account used to monitor or manage select services, such as build or test services.

Service principal

A service principal is the local representation, or application instance, of a global application object in a single tenant or directory. When an application is given permission to access resources in a tenant (upon registration or consent), a service principal object is created. For more information, see Application and service principal objects in Microsoft Entra ID and service principal and managed identity support in Azure DevOps.

Sprints (also known as iterations)

A sprint is a time period of usually two to three weeks that's used to group work items to be completed during that time period. Sprints are used in Scrum methods to support sprint planning, sprint burndown, and other Scrum processes. Sprints are defined via iteration paths. To learn more, see About area and iteration paths (aka sprints).

Sprint backlog

An interactive list of work items assigned to the same sprint or iteration path for a team. The sprint backlog supports teams that use Scrum methodologies. Learn more: Sprint planning.


A user account granted membership to an organization in an Azure DevOps instance with Stakeholder access. With Stakeholder access, you can add and modify work items, check project status, manage pipelines, and view and manage dashboards. For more information, see Get started as a Stakeholder.


A taskboard is an interactive board of work items that you can use to review and update tasks defined for the sprint backlog. The taskboard supports teams that use Scrum methodologies. To learn more, see Update and monitor your taskboard.


A team corresponds to a selected set of project members. With teams, organizations can subcategorize work to better focus on all the work they track within a project. Each team gets access to a suite of Agile tools. Teams can use these tools to work autonomously and collaborate with other teams across the enterprise. Each team can configure and customize each tool to meet their work requirements. To learn more, see About teams and Agile tools.

Team group

A security group that is defined when a team is created and automatically populated with members as they're added to the team.


A Microsoft Entra ID used to manage access or billing. For more information, see Change Microsoft Entra tenant.

Team Foundation Version Control (TFVC)

A centralized version control system. With TFVC, devs have only one version of each file on their dev machines. Branches are path-based and created on the server. Historical data is maintained only on the server. Learn more: Use Team Foundation Version Control.

Valid users

Valid users are users that Azure DevOps recognizes as being able to connect to the account or a project. When you add accounts of users directly to a built-in group or through a Windows, Active Directory, or Microsoft Entra group, they're automatically added to one of the valid user groups. For more information, see Get started with permissions, access, and security groups.


Widgets display information and charts on dashboards. Many of them can be configured. Many widgets display information available from one or more data stores or charts created by the system. To learn more, see Widget catalog.

Work items

A work item represents an object stored in the work item data store. Each work item is based on a work item type—such as a user story, feature, bug, task, or issue— and is assigned an identifier which is unique across all projects in an organization or project collection. The work item types available to you are based on the process used when your project was created. Each work item supports capturing information, adding attachments, linking to other work items, and more. Learn more: About work items.

Work item types (WITs)

A WIT specifies the fields, workflow, and form used to track an item of work. Each WIT is associated with more than 30 system fields and several more type-specific fields. You use work items to plan and track the work required to develop your project. For an overview of predefined WITs provided with the default processes, see About processes and process templates.