TFS 2017 | TFS 2015 | Previous versions (XAML builds)
When you deploy a private agent, you choose how the agent will authenticate to your Team Foundation Server (TFS). Here we'll show you how to configure TFS to enable your agents to use different authentication methods.
Log on to your server
Log on to the machine where you are running TFS.
Configure basic authentication. See https://github.com/Microsoft/tfs-cli/blob/master/docs/configureBasicAuth.md.
Start Internet Information Services (IIS) Manager. Select your TFS site and make sure Windows Authentication is enabled with a valid provider such as NTLM or Kerberos.
Start Internet Information Services (IIS) Manager. Select your TFS site and make sure Windows Authentication is enabled with the Negotiate provider and with another method such as NTLM or Kerberos.
Personal access token (PAT) authentication is available in TFS 2015 Update 3 or newer and TFS 2017 RTM and newer. To use PAT, your server must be configured with HTTPS. See Web site settings and security.