DEV Community

Cover image for Azure DevOps: Limit User Visibility and Collaboration to Specific Projects
Davide 'CoderDave' Benvegnù
Davide 'CoderDave' Benvegnù

Posted on

Azure DevOps: Limit User Visibility and Collaboration to Specific Projects

Ever had the need to restrict some users to just specific projects in Azure DevOps? Today I'm gonna show you how to do that.

Intro

Today we talk about a new feature that has been released recently in Azure DevOps and that allows you to limit the user visibility and collaboration to specific projects. I'm talking about the Limit user visibility and collaboration to specific projects Preview Feature

Video

As usual, if you are a visual learner, or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation and demo, which to be fair is much more complete than this post.

Link to the video: https://youtu.be/yftHyHW32fM

If you rather prefer reading, well... let's just continue :)

The Problem

By default, users added to an organization can view all organization metadata and settings.

Org Settings

This includes viewing the list of users in the organization, list of projects, billing details, usage data, and anything that's accessible through the organization settings.

Users Selection

This includes viewing the list of users in the organization, list of projects, billing details, usage data, and anything that's accessible through the organization settings.

This is because people pickers provide support for searching all users and groups added to Azure AD, not just those users and groups added to your project

And until now there was no effective way to change this behavior. As I said, until now :)

The Solution

To restrict users from this information, you can enable the "Limit user visibility and collaboration to specific projects" preview feature for your organization.

Feature Enabled

Once enabled, the Project-Scoped Users group, which is an organization-level security group, will be added to your Azure DevOps organization. It can be found by navigating to the Organization Settings -> Permissions

When you add Users and groups to this new group, they will see a banner stating that the administrator has limited their visibility.

Banner

After that, they will have two limitations.

Limited Org Settings

When accessing the Organization Settings, most of the items will be hidden.

And about the people selection, the people-picker search will be limited to only the AAD Users that have been added to the project the user is scoped to.

Limited User Selection

And this applies also to the tagging of users in Work Items and Comments.

Conclusions

Comment down below and let me know if this new feature solves any issue you had in the past with user management.

Also, checkout this video, where I talk about how to properly secure and Azure DevOps Organization.

Like, share and follow me 🚀 for more content:

📽 YouTube
Buy me a coffee
💖 Patreon
🌐 CoderDave.io Website
👕 Merch
👦🏻 Facebook page
🐱‍💻 GitHub
👲🏻 Twitter
👴🏻 LinkedIn
🔉 Podcast

Buy Me A Coffee

Top comments (1)

Collapse
 
chrispos profile image
Christian

Hi Davide,
thanks for this article ! Do you know wether this preview feature is available on the DevOps server version - since I receive an access denied even though being local admin on the server and collection admin within devops...

Thank you.

Image description