Securing Azure DevOps Environment for On-Premises Network Access | Azure DevOps Solutions | Microsoft

Question

Your company has an Azure DevOps environment that can only be accessed by Azure Active Directory users.

You are instructed to make sure that the Azure DevOps environment can only be accessed from devices connected to the company's on-premises network.

Which of the following actions should you take?

Answers

Explanations

A. B. C. D.

D

Conditional Access is a capability of Azure Active Directory. With Conditional Access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions.

Conditional Access policies are enforced after the first-factor authentication has been completed.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

To ensure that the Azure DevOps environment can only be accessed from devices connected to the company's on-premises network, you need to implement network-level security controls. One way to do this is by configuring conditional access in Azure Active Directory. Therefore, the correct answer is D.

Conditional access allows you to control access to your cloud apps based on specific conditions, such as the location of the user or device. You can create a policy that requires users to be on the company's on-premises network before they can access Azure DevOps. To configure conditional access in Azure Active Directory, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/) with your Azure Active Directory credentials.
  2. Navigate to the Azure Active Directory blade.
  3. Click on Conditional Access under Security.
  4. Click on New policy to create a new policy.
  5. Configure the policy to require that users must be on the company's on-premises network to access Azure DevOps.
  6. Save the policy.

After you configure the conditional access policy, users will need to be on the company's on-premises network to access Azure DevOps. If a user attempts to access Azure DevOps from outside the network, they will be denied access.
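The policy from step 5 can also be expressed as Microsoft Graph request bodies. The following is an added example, not part of the original page: it builds a trusted IP named location and a policy that blocks Azure DevOps from everywhere else, plus a local dry-run check for a given sign-in IP. The CIDR ranges and display names are constructed sample values, and `<named-location-id>` is a placeholder for the id Graph returns when the named location is created.

```python
import ipaddress

# Application (resource) ID of Azure DevOps in Azure AD.
AZURE_DEVOPS_APP_ID = "499b84ac-1321-427f-aa17-267ca6975798"
# Constructed sample egress ranges (documentation addresses), not real data.
ONPREM_EGRESS_CIDRS = ["203.0.113.0/24", "198.51.100.16/28"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def named_location_body(display_name, cidrs):
    """Request body for POST /identity/conditionalAccess/namedLocations."""
    ranges = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)  # raises ValueError on typos or host bits
        # Azure AD sees the public egress IP, never the internal LAN address.
        if any(net.overlaps(p) for p in RFC1918):
            raise ValueError(f"{cidr} is RFC 1918 space; use the public egress range")
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}", "cidrAddress": str(net)})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name, "isTrusted": True, "ipRanges": ranges}


def policy_body(location_id, state="enabledForReportingButNotEnforced"):
    """Body for POST /identity/conditionalAccess/policies: block Azure DevOps
    from every location except location_id. Defaults to report-only mode;
    pass state="enabled" to enforce."""
    return {
        "displayName": "Azure DevOps: block outside on-premises network",
        "state": state,
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [AZURE_DEVOPS_APP_ID]},
            "locations": {"includeLocations": ["All"], "excludeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def would_block(location, client_ip):
    """Local dry run: is this sign-in IP outside every trusted range?"""
    ip = ipaddress.ip_address(client_ip)
    return not any(ip in ipaddress.ip_network(r["cidrAddress"]) for r in location["ipRanges"])


if __name__ == "__main__":
    loc = named_location_body("Corp on-premises egress", ONPREM_EGRESS_CIDRS)
    print(loc, policy_body("<named-location-id>"), sep="\n")
```

Running the policy in report-only state first shows in the sign-in logs which users would have been blocked before the policy is enforced.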

Assigning devices to a security group (answer A) or creating a GPO (answer B) is not sufficient to restrict access to Azure DevOps to devices on the company's on-premises network. These solutions can only control access at the device level and do not provide network-level security controls. Configuring Security in Project Settings from Azure DevOps (answer C) is also not a solution, as it only deals with permissions and access to the projects within Azure DevOps and not with network-level security.