Ever had the need to restrict some users to just specific projects in Azure DevOps? Today I'm gonna show you how to do that.
Intro
Today we talk about a new feature that has been released recently in Azure DevOps and that allows you to limit user visibility and collaboration to specific projects: the "Limit user visibility and collaboration to specific projects" preview feature.
Video
As usual, if you are a visual learner, or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation and demo, which to be fair is much more complete than this post.
Link to the video: https://youtu.be/yftHyHW32fM
If you'd rather read, well... let's just continue :)
The Problem
By default, users added to an organization can view all organization metadata and settings.
This includes viewing the list of users in the organization, list of projects, billing details, usage data, and anything that's accessible through the organization settings.
This is because people pickers provide support for searching all users and groups added to Azure AD, not just those users and groups added to your project.
And until now there was no effective way to change this behavior. As I said, until now :)
The Solution
To restrict users from this information, you can enable the "Limit user visibility and collaboration to specific projects" preview feature for your organization.
Once enabled, the Project-Scoped Users group, which is an organization-level security group, will be added to your Azure DevOps organization. It can be found by navigating to Organization Settings -> Permissions.
When you add users and groups to this new group, they will see a banner stating that the administrator has limited their visibility.
After that, they will have two limitations.
First, when they access the Organization Settings, most of the items will be hidden.
Second, the people-picker search will be limited to only the AAD users that have been added to the project the user is scoped to.
And this applies also to the tagging of users in Work Items and Comments.
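The same group membership can be scripted rather than clicked through. The following is an added example, not part of the original post: it uses the Azure DevOps extension for the Azure CLI, and assumes you are already logged in, the preview feature is enabled, and the group's display name is "Project-Scoped Users". The organization URL and e-mail addresses in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example: scope users to their projects by adding them to the
# organization-level "Project-Scoped Users" group with the Azure DevOps CLI.
# Assumes `az extension add --name azure-devops` and `az login` were run, and
# that the preview feature is enabled (the group does not exist otherwise).

GROUP_NAME="Project-Scoped Users"   # display name assumed from the post

# Print the descriptor of the Project-Scoped Users group, or fail if the
# group is missing (preview feature not enabled for this organization).
find_scoped_group() {
  local org="$1" descriptor
  descriptor=$(az devops security group list --org "$org" --scope organization \
    --query "graphGroups[?displayName=='${GROUP_NAME}'].descriptor | [0]" \
    -o tsv) || return 1
  # Depending on the CLI version, an empty query result prints nothing or "None".
  if [ -z "$descriptor" ] || [ "$descriptor" = "None" ]; then
    echo "group '${GROUP_NAME}' not found in $org; enable the preview feature first" >&2
    return 1
  fi
  printf '%s\n' "$descriptor"
}

# Add each member (e-mail address) to the group.
# Keeps going after a failure and returns non-zero if any add failed.
scope_users() {
  local org="$1"; shift
  local group failed=0 member
  group=$(find_scoped_group "$org") || return 1
  for member in "$@"; do
    if az devops security group membership add --org "$org" \
         --group-id "$group" --member-id "$member" -o none; then
      echo "scoped: $member"
    else
      echo "FAILED: $member" >&2
      failed=1
    fi
  done
  return "$failed"
}

# Usage (placeholder organization URL and constructed addresses):
#   scope_users "https://dev.azure.com/<your-org>" contractor1@example.com contractor2@example.com
```

Failing early when the group is missing prevents a run from silently leaving users with organization-wide visibility because the preview feature was never switched on.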
Conclusions
Comment down below and let me know if this new feature solves any issue you had in the past with user management.
Also, check out this video, where I talk about how to properly secure an Azure DevOps organization.
Top comments (1)
Hi Davide,
thanks for this article! Do you know whether this preview feature is available on the DevOps server version - since I receive an access denied even though being local admin on the server and collection admin within devops...
Thank you.