When attempting to add users to VSTS who exist in the connected Azure Active Directory, I am getting a message stating "You are inviting users from outside your directory". I have checked the setting page and it shows that VSTS is backed by the correct Azure Active Directory. Why would the users in AAD not come up as available users in VSTS? Thanks for your help.
Had to open a ticket with Microsoft to address this issue - even though VSTS was showing that it was linked to the correct AAD, we recently changed our domain for AAD and there are additional changes that MS has to make to ensure the linking is functional.
Related
Yesterday I installed Azure DevOps 2019 (2020) and everything was OK.
I created my first collection,
then I granted permission to my friend as collection administrator in its group,
then we checked this button and granted permission to others via the panel.
But today the security button is hidden for both of us (today my security button disappeared and is gone).
You can try deleting and redeploying the Azure DevOps server to see if the issue still exists.
By the way, you can use the REST API to view the security of the collection. This REST API was not documented, and I found it using the developer console (F12 in most browsers).
GET https://{instance}/{collection}/_settings/security?__rt=fps&__ver=2
My account (AAD) is linked with 2 DevOps organizations (personal organization & business organization).
I am unable to view the business organization on the DevOps profile, but I am able to view the personal organization.
I am able to access both via Url https://dev.azure.com/xxxCloud/.
I am also unable to connect the DevOps business organization with Visual Studio.
Please try the following steps:
Please enter aka.ms/vssignout in the browser and log in to aka.ms/vsprofile again to see if the issue still exists.
If your organizations are in different AADs, please select the right directory in the dropdown list.
Please use other PCs to sign in and check if it works.
If you sign in to this organization, can you see the projects in it? Please click specific projects in the Web UI, or add the project name to the organization URL to get access to it.
Please ask your AAD admin to remove your MSA account from Azure Active Directory and re-add you to check if the issue still exists.
In hardening our ADO projects for security, we found that an org-level user named "Azure Boards" has been granted access to all area paths. We haven't yet found documentation on this user, so we're assuming that this is a built-in user that should not be altered. However, as part of hardening we do need to understand more about this user.
The question is: Where is the documentation for the org-level ADO user named Azure Boards (if any)?
Update per comment request:
I cannot find a doc describing this service account. I have raised a new feedback ticket on GitHub and reported it to the Microsoft Doc teams. You can follow the ticket to get the latest news; I will continue to check the ticket, and if there are any achievements, I will inform you here.
Update 1
This account Azure Boards gets created when you connect Azure Boards to GitHub. It works in the background to support the features that the GitHub connection supports.
Some Azure DevOps users need to become Basic users instead of VS Enterprise users, because these users got another role in our organisation.
I removed the VS Enterprise subscription from these users in the MS partner portal (partner.microsoft.com). But Azure DevOps still sees the previously assigned VSE subscription for the users. And I cannot change the access level to Basic because Azure DevOps somehow detects the VSE subscription on the user.
How can I change the access level for the affected users?
Thanks for the input.
Currently, Azure DevOps only validates the subscription when the user is added. So removing the user from the organization and then re-adding them after removing the subscription should fix it.
Update to this since Eddie's answer is out of date
As of this date, Azure DevOps will automatically change access level based on Visual Studio Subscription (assuming the user is tied to the same email address in AzDO that their VS sub is tied to). You DO NOT have to remove the user from Azure DevOps and add them back in to get Visual Studio Subscription changes to appear in AzDo.
Scenario I observed 02/03/2021
Existing AzDO user had access level of: Visual Studio Professional subscription. User had license upgraded to Visual Studio Enterprise subscription on 02/02/2021. User logged out and back in on 02/03/2021 and access level updated correctly.
I am currently trying to set up a build through Visual Studio App Center to connect to a VSTS repository.
I have a VSTS account through my work's Active Directory and I am also a member of other organizations' VSTS instances using the same email. When I connect to configure a build through VSTS, I am only given options for projects that I have access to in my own organization.
I have revoked my initial connection per this, but it is still showing only the projects within my organization when re-authorizing.
Is there a way to connect to projects that are a part of the other organizations I am affiliated with?
Revoke the connection first and then follow the steps below:
Switch to VSTS Web Portal.
Click on Personal Settings and click "My profile".
Switch to the Directory which contains the VSTS account you want to connect.
Go back to VSAC and connect to the VSTS. You should see the switched Directory on the OAuth page: