Security glossary

VSTS | TFS 2018 | TFS 2017 | TFS 2015 | TFS 2013

The Microsoft Security glossary is a short dictionary of terms used in authenticating users and managing permissions on the Visual Studio Team Services (VSTS) and Team Foundation Server platforms.

Access level

An access level corresponds to a licensing level and provides access to certain features. Access to these features is managed by membership in an access level. To learn more, see About access levels.

Authentication

Authentication verifies a user's identity based on the credentials provided when they sign in to a VSTS account or TFS. These services/servers typically integrate with and rely upon the security features provided by additional services such as Active Directory or Azure Active Directory. To learn more, see About security and identity.

Authorization

Authorization refers to the operations performed to verify that the identity attempting to connect to a service or server instance has the necessary permissions to access a service, feature, function, object, or method. To learn more, see About security and identity.

Basic member

A user account that has been granted membership to a VSTS account or TFS instance with Basic access. To learn more, see About access levels.

Conditional access

Conditional access provides support for securing VSTS resources backed by an Azure Active Directory (Azure AD) tenant. For example, you can enable multi-factor authentication to help protect against the risk of compromised credentials. To learn more, see Manage conditional access to VSTS.

Inheritance

Permissions that aren't directly allowed or denied for a user may be inherited. To learn more, see About permissions and groups.

Permission

The assignment made to a user or group to use a feature or function. Permissions are assigned to default security groups. To learn more, see About permissions and groups.

Security group

A method by which you can organize users and other domain objects to simplify administration of permissions and access. VSTS and TFS support a number of default security groups as well as the ability to create custom groups. To learn more, see About permissions and groups.

Security role

A security model that limits actions based on membership within a role. To learn more, see About security roles.

Service account

An account used to monitor or manage select services, such as build or test services.

Secure Sockets Layer (SSL)

SSL is a protocol used to strengthen the security of cloud-hosted and on-premises applications by configuring them to use Hypertext Transfer Protocol Secure (HTTPS) with Secure Sockets Layer (SSL).

SSL is always used to protect VSTS data. To learn more, see Data Protection Overview.

For on-premises TFS deployments, SSL is optional. To learn more, see Setting up HTTPS with Secure Sockets Layer (SSL) for Team Foundation Server.

Stakeholder

A user account that has been granted membership to a VSTS account or TFS instance with Stakeholder access. With Stakeholder access, you can add and modify work items, check project status, approve releases, and view dashboards. To learn more, see Get started as a Stakeholder.

Team group

A security group that is defined when a team is created and automatically populated with members as they are added to the team.

Tenant

An Azure Active Directory used to manage access or billing. To learn more, see Change Azure AD tenant.

Valid users

Valid users are users that are recognized by VSTS or TFS as being able to connect to the account or a team project. When you add accounts of users directly to a built-in group or through a Windows, Active Directory, or Azure Active Directory group, they are automatically added to one of the valid user groups. To learn more, see About permissions and groups.