Change application access policies for your organization
Azure DevOps Services
Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you're still using Alternate Credentials, then they won't work anymore. You have to switch to a more secure authentication method, to mitigate this breaking change impacting your DevOps workflows. Learn more.
You can change your application access policies for your organization in Azure DevOps. Azure DevOps offers the capability for other apps to integrate with its services and resources in your organization. To access your organization without asking for user credentials multiple times, apps can use the following authentication methods:
OAuth to generate tokens for accessing REST APIs for Azure DevOps Services and Team Foundation Server. The Organizations and Profiles APIs support only OAuth.
Alternate credentials as a single set of credentials across all tools that don't have plug-in, extension, or native support. For example, you can use basic authentication to access REST APIs for Azure DevOps, but you must turn on alternate credentials.
Personal access tokens to generate tokens for:
- Accessing specific resources or activities, like builds or work items
- Clients like Xcode and NuGet that require usernames and passwords as basic credentials and don't support Microsoft account and Azure Active Directory features like multi-factor authentication
- Accessing REST APIs for Azure DevOps
By default, your organization allows access for all authentication methods. You can limit access, but you must specifically restrict access for each method. When you deny access to an authentication method, no app can use that method to access your organization. Any app that previously had access gets an authentication error and can't access your organization.
To remove access for personal access tokens, you must revoke them.
To continue, you need at least Basic access and organization Owner or Project Collection Administrator permissions. How do I find the organization Owner?
Change application access policies
Sign in to your organization (
Choose Organization settings.
In the Policies tab, review your application connection settings. Change these settings, based on your security policies.
Anonymous access is used to access both private and public repos. Learn more at Make your project public.