User named "Azure Boards" in Azure Devops org - azure-devops

In hardening our ADO projects for security, we found that an org-level user named "Azure Boards" has been granted access to all area paths. We haven't yet found documentation on this user, so we're assuming that this is a built-in user that should not be altered. However, as part of hardening we do need to understand more about this user.
The question is: Where is the documentation for the org-level ADO user named Azure Boards (if any)?
Update per comment request:

I cannot find doc to describe this service account, I have raised a new feedback ticket in the GitHub and report it to Microsoft Doc teams, you can follow the ticket to get the latest news, I will continue to check the ticket and If have any achievements, I will inform you here.
Update1
This account Azure Boards gets created when you connect Azure Boards to GitHub. It works in the background to support the features that the GitHub connection supports.

Related

Azure DevOps - Help/Service Desk management system

Can someone recommend Help/Service Desk management system which works good with Azure DevOps?
We already have Azure Devops for code management with ci cd and test suites.
I am also considering JIRA service desk management, however thinking a bit scpetical in the lines of having two similar eco systems.
In next few months, we forsee potential clients who makes use of our IT services and would like to support them using service desk management.
Thank you.
By reference to this doc: What features and services do I get with Azure DevOps?, Azure DevOps provide Boards service including Agile process, Basic Process, Scrum process and CMMI process, which is easily sharing information and track the status of work, tasks, issues, or code defects. See: Azure DevOps Labs for details.
In addition, if you use Slack, you can use the Azure Boards app for Slack to create work items and monitor work item activity in your Azure Boards project from your Slack channel. If you use Microsoft Teams, you can use the Azure Boards app for Microsoft Teams to create work items and monitor work item activity in your Azure Boards project from your Teams channel. And Jira, Zappier, Service Now and so on.
BTW, if you use other management system like TeamSupport Help Desk, you could use Microsoft Power Platform to create automated workflows.
After investigation, we found that currently Azure DevOps has no service desk feature, I found a suggestion ticket in Developer community. You can vote and follow this ticket. You can also create a new suggestion ticket here. The product group will review these tickets regularly, and consider take it as roadmap.
BTW, I found this thread: https://www.reddit.com/r/azuredevops/comments/cbkxwz/azure_devops_as_a_help_desk_ticket_system/, which provides several choices, you could check it.

New Service endpoint

I am following along the tutorial with SmartHotel360 and trying to set it up. In the README.md, it says 'In VSTS, navigate to Services by clicking on the gear icon...' and this is to create a new service endpoint. Where is this done? What is VSTS? Visual Studio Team Server? Do I first make a branch of the SmartHotel360 and open this in Visual Studio? What if I am using one email account to access the code where the tasks are assigned and another email to complete the courses? Does this make a difference?
I guess my question is, where is this VSTS? Is this where I view the SmartHotel360 code?
Azure DevOps Services was formerly named Visual Studio Team Services (VSTS) -- rebranded as Azure DevOps in 2018. So the tutorial you followed should be before 2018.
The github README.md about SmartHotel360(like this) are retired, archived, and no longer supported. For the latest sample references please visit: https://aka.ms/tailwindtraders & https://aka.ms/rpsls
To interact with Azure, you'll need to create a Service Endpoint in Azure DevOps. This endpoint includes the authentication information required to deploy to Azure. This document gives a guide to configure Service Endpoint in Azure DevOps, please refer to it.

What are the pre-requisite for creating Azure DevOps organization

I have been struggling to find a guidance or best practice documentation for new Azure Tenant who want to start the Azure DevOps Service journey.
The Azure DevOps documentation is created in a piece meal approach and there is no proper documentation about such guidance and it is maddening to scan through several Azure DevOps product/feature to figure out the content I wanted.
From the documentation, I understand that one needs to create Azure Organization and project structure etc. and then users within the AAD (Company's MAC tenant) can be added to Organization or at project level to collaborate.
But if I am a new Organization or Entity that has just acquired a Azure Commercial Cloud subscription then what are the guidelines to setup my Azure DevOps organization?
E.g. Do I have to be a Global Admin of my Azure Commercial
Subscription to first start the Azure DevOps Organization? Or can I be
a Admin for Dev/Test Subscription and then start the Azure DevOps
Organization? Can I use my Dev/test subscription to create Azure
DevOps organization? What are some limitation or restruction with regard to my Azure Subscription in terms of ability to create Azure DevOps organization? What roles are advised to initiate the Organization creation process?
Where is the guidance documentation or best practice documentation around it so we can put a proper governance structure on Azure DevOps - organization/project and users etc.
Here are some high level prerequisite for setting up Azure DevOps Service:
You must have a tenant in Azure Commercial or Public Cloud. You can still deploy and build on other cloud or on-premise. You need public cloud to host your DevOps Org and project configuration and optionally to host the git based code repo.
You need a Subscription in Azure Public cloud tenant
You will need a user with Account Admin, Service Admin or Subscription Admin level privileges to create first DevOPs Organization
After creating the DevOps Organization, Users (scrum master, Managers, developers and testers ) can be invited to these organization from DevOps Organization settings
Users who have Visual Studio (VS) Enterprise licenses will see most of the features in the Azure DevOps Service Organization. So having a Visual Studio Enterprise or professional license subscription is useful and these users are counted as free for Azure DevOps service user pool. These VS license already come with benefit attached and part of those benefit is the access to Azure DevOps service.
It will be greatly beneficial for Admin team (devOps Org management team) to try to understand how Azure DevOps Service Access levels and permission works and how they are mapped to different Visual Studio licenses and how to configure these access for different role of users. You can find useful information in this regard on AzureDocs.
You do not need to have Visual Studio license (it is optional) to use Azure DevOps Service. By default Azure DevOps service is free for small team of 5 developers with limited access to features. So small organization can immediately start using it within their Enterprise Account or Pay-as-you-go subscription. You can add users to your Azure DevOps Service organization irrespective of if they have VS licenses and you can pay for their subscription on a monthly basis.
Also, I will highly recommend training course from Microsoft Learn website on Azure DevOps Service to get excellent understanding of prerequisite and features of Azure DevOps Service. Just search for DevOps keyword and you will find number of courses with different modules that will provide step by step instructions on setting up your first Azure DevOps Service Organization to integrating with GitHub and building pipeline, static code analysis etc.

Change VSEnterprise subscription access level to Basic after removing VSE subscription from user

Some Azure DevOps users need to become Basic users instead of VS Enterprise users, because these users got another role in our organisation.
I removed the VS Enterprise subscription from these users in the MS partner portal (partner.microsoft.com). But Azure DevOps still sees the previously assigned VSE subscription for the users. And I cannot change the access level to Basic because Azure DevOps somehow detects the VSE subscription on the user.
How can I change the access level for the affected users?
Thanks for the input.
Currently, Azure Devops only validates the subscription when the user is added. So remove the user from the organization and then re-add them after removing the subscription should fix it.
Update to this since Eddie's answer is out of date
As of this date, Azure DevOps will automatically change access level based on Visual Studio Subscription (assuming the user is tied to the same email address in AzDO that their VS sub is tied to). You DO NOT have to remove the user from Azure DevOps and add them back in to get Visual Studio Subscription changes to appear in AzDo.
Scenario I observed 02/03/2021
Existing AzDO user had access level of: Visual Studio Professional subscription. User had license upgraded to Visual Studio Enterprise subscription on 02/02/2021. User logged out and back in on 02/03/2021 and access level updated correctly.

Visual Studio Team Services "Link" button is disabled

I am following instructions to link my account to TFS: https://learn.microsoft.com/en-us/bot-framework/azure/azure-bot-service-continuous-integration
It says to go to Team Services accounts, then to choose the account, and click on "Link" but that button is disabled for me. I tried a different account (different credentials, etc.) and I always see the Link button disabled.
Is it a permission issue? What can I do about it?
Image of disabled Link button
If you are not the team services owner, you won't have permission to link azure subscription.
For more possible reasons you can refer:
Q: Why can't I link my Team Services account?
A: This might happen
because:
You're not the Team Services account owner.
You're not at least Co-administrator on the Azure subscription that
you want to link.
If you don't see any Team Services accounts, your account might
already linked to another Azure subscription.
If your Team Services account uses Azure Active Directory (Azure AD)
to authenticate users, you might have a different directory selected
in the Azure portal than the directory that's connected to your Team
Services account.
To select the directory that your Team Services account uses, open the
Azure portal's Subscriptions list:
More details in https://www.visualstudio.com/en-us/docs/setup-admin/team-services/set-up-billing-for-your-account-vs#qa.