Ensure Azure DevOps Environment Access: On-Premises Network Connectivity

Restricting Azure DevOps Environment Access to On-Premises Network

Question

Your company uses Azure DevOps.

Only users who have accounts in Azure Active Directory can access the Azure DevOps environment.

You need to ensure that only devices that are connected to the on-premises network can access the Azure DevOps environment.

What should you do?

Answers

Explanations


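A. Assign the Stakeholder access level to all users.
B. In Azure Active Directory, configure risky sign-ins.
C. In Project Settings in Azure DevOps, configure security.
D. In Azure Active Directory, configure conditional access.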

D

Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions.

Conditional Access policies are enforced after the first-factor authentication has been completed.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

The correct answer is D. In Azure Active Directory, configure conditional access.

Explanation: Azure DevOps is a cloud-based service that provides tools for software development and deployment. To secure the Azure DevOps environment, it is essential to restrict access only to authorized users/devices. Azure DevOps provides multiple security features to ensure data privacy, security, and compliance.

To restrict access to the Azure DevOps environment to only devices connected to the on-premises network, we need to configure conditional access in Azure Active Directory. Conditional Access is a policy-based evaluation engine that provides context-aware, intelligent access controls to applications and resources in Azure Active Directory.

Conditional Access enables IT administrators to restrict access to applications based on various criteria, such as location, device type, and user role. We can create a Conditional Access policy that only allows access to Azure DevOps from devices connected to the on-premises network. To do this, follow these steps:

  1. Sign in to the Azure portal with your administrator credentials.
  2. Navigate to the Azure Active Directory service.
  3. Click on the "Conditional Access" blade from the left-hand menu.
  4. Click on the "New policy" button.
  5. In the "Assignments" tab, select "Users and groups" to specify the users who the policy applies to.
  6. In the "Cloud apps or actions" tab, select "Microsoft Azure DevOps."
  7. In the "Conditions" tab, select "Locations."
  8. Add a new location by selecting the "Include" option and selecting the IP ranges of your on-premises network.
  9. In the "Access controls" tab, select "Grant" and choose "Block access."
  10. Save the policy by clicking on the "Create" button.

This configuration ensures that only devices connected to the on-premises network can access the Azure DevOps environment. Users who try to access Azure DevOps from other devices will be blocked by the Conditional Access policy.
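The location condition and grant control from the steps above, modelled as an added example (not part of the original page): a policy body shaped like a Microsoft Graph `conditionalAccessPolicy`, plus a simplified evaluator. A Block grant applies to sign-ins that match the included locations and not the excluded ones, so the example compares a policy that includes all locations and excludes the on-premises named location with one that includes only the on-premises ranges. The named-location ID, the application ID placeholder, and the IP ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample: documentation ranges standing in for on-premises egress IPs.
NAMED_LOCATIONS = {"onprem-placeholder-id": ["203.0.113.0/24", "198.51.100.0/25"]}

def make_policy(include, exclude):
    """Policy body shaped like a Microsoft Graph conditionalAccessPolicy."""
    return {
        "displayName": "Azure DevOps: block outside on-premises network",
        "state": "enabledForReportingButNotEnforced",  # report-only while validating
        "conditions": {
            "users": {"includeUsers": ["All"]},
            # Placeholder, not a real application ID.
            "applications": {"includeApplications": ["<azure-devops-app-id>"]},
            "locations": {"includeLocations": include, "excludeLocations": exclude},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def _in_locations(ip, location_ids):
    """True if ip matches 'All' or any CIDR range of the listed named locations."""
    addr = ipaddress.ip_address(ip)
    for loc in location_ids:
        if loc == "All":
            return True
        if any(addr in ipaddress.ip_network(c) for c in NAMED_LOCATIONS.get(loc, [])):
            return True
    return False

def is_blocked(policy, ip):
    """Simplified model: the block control applies when the sign-in IP is in an
    included location and not in an excluded one."""
    loc = policy["conditions"]["locations"]
    applies = (_in_locations(ip, loc["includeLocations"])
               and not _in_locations(ip, loc["excludeLocations"]))
    return applies and "block" in policy["grantControls"]["builtInControls"]

# Block everywhere except the on-premises named location.
ALLOW_ONPREM_ONLY = make_policy(["All"], ["onprem-placeholder-id"])
# Same block control with the on-premises location as the only included one.
ONPREM_INCLUDED = make_policy(["onprem-placeholder-id"], [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.44"):
        print(ip, is_blocked(ALLOW_ONPREM_ONLY, ip), is_blocked(ONPREM_INCLUDED, ip))
```

Only the first policy leaves on-premises sign-ins unblocked while blocking everything else; checking the include and exclude lists this way before switching a policy from report-only to enforced avoids locking out the network it was meant to allow.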

Option A, assigning the Stakeholder access level to all users, does not provide any security features and only determines the level of access a user has within the Azure DevOps environment.

Option B, configuring risky sign-ins in Azure Active Directory, allows administrators to detect and mitigate potential security risks associated with user sign-ins. This feature is not relevant to restricting access to the Azure DevOps environment from specific devices.

Option C, configuring security in Project Settings in Azure DevOps, enables administrators to configure security settings for specific projects within Azure DevOps, but it does not provide any features to restrict access to the entire Azure DevOps environment from specific devices.