Our company uses Azure DevOps; the code is stored in Azure DevOps and synchronized with the developer clients via Git.
We now have the requirement that only company-managed devices can synchronize the code, not just any device. We know about the possibility of Conditional Access, but the problem with that is that the developers/testers should still be able to view tickets in DevOps from private devices.
Is there an option to restrict access to Azure DevOps repos to devices/IP addresses?
asked 2 days ago by nick4538

2 Answers

How about restricting access by IP range?
- Go to Organization settings → Security → IP restrictions
- Add allowed corporate IP addresses
- Block all other external IP addresses
... or use restricted Git authentication via PAT policies:
- Go to Organization settings → Security → Policies
- Under "Personal Access Tokens", disable PAT usage
- Under "Git Credential Manager", require Azure AD authentication
Problem is that PATs are easy to misuse, and I see PATs getting misused a LOT of times.

> Is there an option to restrict access to Azure DevOps repos to devices/IP addresses?

You can't directly restrict Azure DevOps repository access based on IP addresses/devices within the Azure DevOps platform itself.
You could use Conditional Access policies, which provide many policies to protect access to your Azure services. For example:
- Block unknown or unsupported device platform: Users are blocked from accessing company resources when the device type is unknown or unsupported.
- Block access by location: With the location condition in Conditional Access, you can control access to your cloud apps based on the network location of a user (Countries location or IP ranges location).

If that doesn't meet your needs, create your own on-premises Azure DevOps Server and set up a firewall on the server machine, so that only specified IP addresses can access the Azure DevOps server.
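
The "block access by location" policy described in the answer above, sketched as Microsoft Graph request bodies. This is an added example, not code from either answer; the display names, the sample CIDR ranges and the location ID placeholder are assumptions. The policy targets the Azure DevOps application as a whole, so it covers work items as well as repositories, which is the limitation the question raises.

```python
import ipaddress
import json

# Application ID of the first-party Azure DevOps app in Microsoft Entra ID.
AZURE_DEVOPS_APP_ID = "499b84ac-1321-427f-aa17-267ca6975798"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def named_location(display_name, cidrs):
    """Body for POST /identity/conditionalAccess/namedLocations."""
    if not cidrs:
        raise ValueError("at least one corporate egress range is required")
    ranges = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on typos or host bits
        # Conditional Access evaluates the public egress address, so an
        # internal range would never match and silently allow nothing.
        if net.version == 4 and any(net.overlaps(p) for p in RFC1918):
            raise ValueError(f"{cidr} is private address space, use the public egress range")
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}", "cidrAddress": str(net)})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name, "isTrusted": True, "ipRanges": ranges}

def block_outside_policy(location_id, state="enabledForReportingButNotEnforced"):
    """Body for POST /identity/conditionalAccess/policies.

    Blocks Azure DevOps sign-ins from every location except location_id.
    The default state is report-only, so the effect can be reviewed in the
    sign-in logs before switching state to "enabled".
    """
    return {
        "displayName": "Azure DevOps: block outside corporate network",  # assumed name
        "state": state,
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [AZURE_DEVOPS_APP_ID]},
            "locations": {"includeLocations": ["All"], "excludeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

if __name__ == "__main__":
    # Constructed sample ranges from the documentation address blocks.
    loc = named_location("Corporate egress", ["203.0.113.0/24", "2001:db8::/32"])
    print(json.dumps(loc, indent=2))
    # The ID is returned by Graph when the named location is created.
    print(json.dumps(block_outside_policy("<named-location-id>"), indent=2))
```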