堆栈内存溢出
  简体   繁体   English

如何限制组织中的特定用户从我们的办公室 IP 之外访问 Azure DevOps

[英]How can I restrict particular users in my organization to access Azure DevOps from outside of our office IP

 原文  2019-02-19 12:27:06       visual-studio/ azure-devops/ azure-active-directory

问题描述

We have almost 16 users in our Azure DevOps Organisation.我们的 Azure DevOps 组织中有近 16 位用户。 I am having the admin privilege for the azure account.我拥有 azure 帐户的管理员权限。 I saw a few blogs regarding Active Directory Enabling method and all.我看到了一些关于Active Directory 启用方法的博客。 But it was not clear.但当时还不清楚。

How can we manage this restriction in Azure DevOps.我们如何在 Azure DevOps 中管理此限制。

NB:-Our users are accessing Azure DevOps through their outlook account.For ex:-sample.orgnization@outlook.com注意:-我们的用户通过他们的 Outlook 帐户访问 Azure DevOps。例如:-sample.orgnization@outlook.com

2 个解决方案

解决方案1
 2  2019-02-19 12:44:05

Depending on your setup, there are a couple of options:根据您的设置,有几个选项:

Azure DevOps configured as MSA backed with AAD guests in Azure DevOps Azure DevOps 配置为 MSA,并在 Azure DevOps 中使用 AAD 来宾

When your Azure DevOps account is configured to be backed by Microsoft Accounts (formerly Live IDs, or Outlook.com or Hotmail.com), it can add Azure Active Directory users as guests into the account.当你的 Azure DevOps 帐户配置为由 Mi​​crosoft 帐户(以前称为 Live ID、Outlook.com 或 Hotmail.com)支持时,它可以将 Azure Active Directory 用户作为来宾添加到帐户中。 This feature was added last autumn.这个功能是去年秋天添加的。

In this configuration, you can invite AAd and MSA users directly from Azure DevOps and the MSA users don't get any access to the Azure account.在此配置中,您可以直接从 Azure DevOps 邀请 AAd 和 MSA 用户,并且 MSA 用户无法访问 Azure 帐户。

Azure DevOps configured as AAD backed with MSA guests in Azure Active Directory配置为 AAD 的 Azure DevOps 由 Azure Active Directory 中的 MSA 来宾支持

When your Azure DevOps account is configured to be backed by Azure Active Directory, it can only add users who are known in Azure Active Directory.当你的 Azure DevOps 帐户配置为由 Azure Active Directory 支持时,它只能添加 Azure Active Directory 中已知的用户。 However, you can invite Microsoft Accounts into your AAD as guests.但是,您可以邀请 Microsoft 帐户作为来宾加入您的 AAD。 You can even invite users from other AADs as federated guests.您甚至可以邀请来自其他 AAD 的用户作为联合来宾。

In this configuration you can only invite users who are known by AAD into you Azure DevOps account.在此配置中,您只能邀请 AAD 已知的用户加入您的 Azure DevOps 帐户。 If they're not in AAD, you'll have to invite them into AAD first.如果他们不在 AAD,您必须先邀请他们加入 AAD。

Switching交换

You can switch the account between the different association modes.您可以在不同的关联模式之间切换帐户。 To migrate existing users from one type to another (AAD->MSA, MSA->AAD) you currently need to open a support request to get all of the users mapped over .要将现有用户从一种类型迁移到另一种类型(AAD->MSA、MSA->AAD),您当前需要打开支持请求以获取映射到. In this scenario you get an excel export from your account and you provide a mapping between the old and the new uesr account.在这种情况下,您会从您的帐户中获得 excel 导出,并提供新旧 uesr 帐户之间的映射。 Support will mapthem for you.支持将为您映射它们。

Manual process手工流程

You can also take a manual approach.您也可以采用手动方法。 This model isn't well documented.这个模型没有很好的记录。 And when manually mappign you'll have to re-apply the security permissions manually as well.当手动 mappign 时,您还必须手动重新应用安全权限。 As such, thsi approach isn't recommended.因此,不推荐这种方法。

Once in AAD一次在 AAD

Once your users are all in Azure Active directory, you can set policies on their access patterns, restrict IP addresses, require 2FA tokens and such.一旦您的用户都在 Azure Active Directory 中,您就可以针对他们的访问模式设置策略、限制 IP 地址、需要 2FA 令牌等。 The value is questionable for external users as it won't work for all guest types.该值对于外部用户是有问题的,因为它不适用于所有访客类型。 It will be valuable for your own users.它将对您自己的用户很有价值。 You can enforce policy on users in your AAD.可以在AAD对用户执行政策。 It's recommended to work with your federation partners to ensure that they're also using the right policies for their own users.建议与您的联盟合作伙伴合作,以确保他们也为自己的用户使用正确的策略。

解决方案2
 1 已采纳  

I think this will help you, I also faced the same problem which I mentioned, this article explained in details very clearly that how we can apply 'Conditional Access Policies' to avoid unauthorized access on Azure repositories(Code).我认为这会对您有所帮助,我也遇到了我提到的相同问题, 本文非常清楚地解释了我们如何应用“条件访问策略”来避免对 Azure 存储库(代码)进行未经授权的访问。 after apply the policies on Azure portal, We need to enable the option on dev.portal Enable Conditional Access for Azure DevOps , Hope this will helps you.在 Azure 门户上应用策略后,我们需要启用 dev.portal 上的选项Enable Conditional Access for Azure DevOps ,希望这对您有所帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 How can I restrict my Azure Web App API access to only my Xamarin.Forms app? - How can I restrict my Azure Web App API access to only my Xamarin.Forms app? 如何在 Azure DevOps Git Repo 中包含来自 Microsoft Dynamics 365 项目的 X++ 代码? - How can I include X++ code from my Microsoft Dynamics 365 project in my Azure DevOps Git Repo? Azure Devops - MSTest - 如果我的单元测试失败,我如何使构建失败,但在集成测试失败时继续(带有警告/通知) - Azure Devops - MSTest - How can I fail a build if my unit tests fail, but continue (with warning/notification) when integration test fail 如何为我的 Azure SQL DB 创建 Azure DevOps 存储库? - How do I create an Azure DevOps Repos for my Azure SQL DB? 如何将我的Azure DevOps NPM Artifact提要用作libman.json中的提供者? - How do I use my Azure DevOps NPM Artifact feed as a provider in my libman.json? 如何从我的xamarin移动应用程序访问Azure数据库数据? - How do I access my azure database data from my xamarin mobile app? 我可以将自动化测试用例与 Azure DevOps 中不同集合中的测试用例工作项相关联吗? - Can I associate an automated test case to a Testcase workitem from a different Collection in Azure DevOps? 如何安装扩展程序以便所有用户都可以访问它? - How can I install an extension so that all users can access it? 我怎么能用.NET学习我的客户端IP? - how can i learn my client ip with .NET? 如何获得3G调制解调器的IP地址? - How can i get IP Address of my 3G modem?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM