Security quick reference index
TFS 2017 | TFS 2015 | TFS 2013
Use this index to quickly access concepts and tasks related to securing Azure DevOps. If you're new to Azure DevOps, see What is Azure DevOps?
Get started
As individual contributors to Azure DevOps, learn about how permissions and access to features are managed, default permission assignments, how to view your permissions, and how to increase or trace your permissions.
- About permissions, access, & security groups
- Default permissions & access
- View permissions
- Troubleshoot permissions
- Request an increase in permission levels
- Add an alternate account to your Visual Studio subscription
For project collection and project administrators, learn more about security and how to add and manage user access, and secure projects and deployment.
- About security, authentication, & authorization
- About access levels
- Change access levels (on-premises)
- Add users to a project or team
Concepts
Tasks
The primary tasks for administrators to secure Azure DevOps are to assign access levels, set permissions, assign security roles, and set policies. Development leads and pipeline administrators should become familiar with setting permissions and policies on repositories, branches, and pipeline resources.
Access levels
Set project-level permissions
Authentication
- Choose authentication method
- Authenticate access with PATs
- Manage personal access tokens using API
- Use SSH key authentication
- Use OAuth 2.0 to authorize access to REST APIs
- Authorize a service, manage authorizations
- Revoke users' PATs (for admins)
- Set up Git credential manager
- Git authentication
- Authenticate extensions
Active Directory
Set collection and server instance permissions
Secure on-premises deployments
Set Boards/work tracking permissions
- Create tag definition
- Delete and restore work items
- Delete field from organization
- Delivery plans
- Move work items out of a project
- Manage area and iteration paths
- Modify work items under an area path
- Permanently delete work items
- Process permissions
- Queries and query folders
Set test permissions
Set repository and branch permissions
- Git repository permissions
- TFVC repository permissions
- Git branch permissions
- Administer shelved changes (TFVC)
- Administer workspaces (TFVC)
- Create a workspace (TFVC)
Set Git repository and branch policies
- Git repository settings and policies
- Git branch policies
- Git branch policy for an external service
- Use Azure Functions to create custom Git branch policies
Secure code
Set pipeline permissions and policies
Set feed permissions
Reference
- Permissions lookup guide
- Permissions & groups
- Security management tools
- Security namespaces & permissions
- Manage security groups with CLI
- Manage permissions with CLI