Manage conditional access to Team Services

Last Update: 5/9/2017

Team Services

Conditional access offers simple ways to help secure resources for Team Services accounts backed by an Azure Active Directory (AAD) tenant. Conditional access policies like multi-factor authentication can help protect against the risk of compromised credentials and help keep your organization's data safe. For example, in addition to requiring credentials, you can have a policy that only devices connected to a corporate network can gain access. More generally, there are a few requirements and actions you can take for devices in a device management system, which is security software used by IT departments to manage devices running various operating systems from various locations/networks.

You can require conditions such security group membership, location and network identity, specific OS, enabled device in a management system, and so on.

Depending on which conditions the user satsifies, you can require multi-factor authentication, require further checks, or block access.


Team Services only enforces conditional access policies when a user signs into services with their AAD credentials. Accessing Team Services using personal access tokens (PATs), alternate authentication, OAuth, and SSH keys circumvents conditional access policies.

See more information and resources.

Enable conditional access for Visual Studio Team Services

You need to use the azure portal to enable conditional access.

See detailed instructions and requirements.

azure portal turning on conditional access for Team Services