This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure DevOps Services
To control access to your team's critical resources and key business assets in Azure DevOps Services, use Microsoft services like Microsoft 365 or Microsoft Entra ID. Microsoft Entra ID works with your organization to control access and authenticate users.
Organize your directory members with Microsoft Entra groups and manage permissions in bulk for your organization. Add these groups to built-in groups like Project Collection Administrators or Contributors, or to custom groups like your project management team. Microsoft Entra group members inherit permissions from the Azure DevOps group, so you don't have to manage group members individually.
For more information on Microsoft Entra ID benefits and how to control organization access with Microsoft accounts or Microsoft Entra ID, see the provided links.
Note
Due to a functional limitation on Microsoft Graph, service principals don't appear in any list of Microsoft Entra group members on Azure DevOps. Permissions set on any Microsoft Entra groups still apply to any service principals in the group that were added to the organizations, even if they aren't displaying on the web UI.
| Category | Requirements |
|---|---|
| Permissions | - Member of the Project Collection Administrators group. Organization owners are automatically members of this group. - Microsoft Entra Administrator in the Azure portal. |
| Access levels | At least Basic access. |
Note
To enable the preview feature, Organization Permissions Settings Page v2, see Enable preview features.
Sign in to your organization (https://dev.azure.com/{yourorganization}).
Why am I asked to choose between my work or school account and my personal account?
Go to Organization settings.
Choose Permissions, and then select the group you want to add a member to.
Select Members, and then select Add.
You invite guests into Microsoft Entra ID and into your Microsoft Entra ID-backed organizations, without waiting for them to accept. This invitation allows you to add those guests to your organization, grant access to projects, assign extensions, and more.
Add users or groups, and then Save your changes.
Microsoft Entra ID changes might take up to 1 hour to be visible in Azure DevOps, but you can immediately reevaluate your permissions.
If you have Project Collection Administrator and Project Administrator access, you can modify the configuration of your organization or project. To enhance security for these built-in administrator groups, consider implementing just-in-time access using a Microsoft Entra Privileged Identity Management (PIM) group. This approach allows you to grant elevated permissions only when needed, reducing the risk associated with permanent access.
Note
When you configure just-in-time access using a Microsoft Entra Privileged Identity Management (PIM) group, ensure that any user with elevated access also retains standard access to the organization. This way, they can view the necessary pages and refresh their permissions as needed.
Note
Users have elevated access in Azure DevOps for up to 1 hour after their PIM group access gets deactivated.
Training
Learning path
Configure and govern entitlement with Microsoft Entra ID SC-5008 - Training
Use Microsoft Entra to manage access by using entitlements, access reviews, privileged access tools, and monitor access events. (SC-5008)
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Events
May 19, 6 PM - May 23, 12 AM
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register today
