Azure DevOps Organization

Overview

There’re a number of elements to setting up an ADO organization. Below shows a flowchart with all the key tasks required to setup ADO:

Process to follow

The next section goes through in more detail the steps from above and also provides links to the Microsoft Documentation to help with the setup:

Review Business Organizational Structure

First it’s key to understand your business and organizational structure to then use this to drive the ADO setup. This will feed into and inform the next steps. Look the business units, number of applications per business unit and number of developers per business unit. This helps to making decisions around number of organizations and projects that Azure DevOps will need to support.

Do I need One or Multiple Organizations?

One organization works for most scenarios and is a good starting point where multiple projects and teams can be added to an organization, which can drive productivity and adoption initially. Going with a multiple organizations model is generally driven by the need for teams and projects to work in isolation and/or require a different security model across different of a company.

Create Organization

What is an Organization?

• It’s the primary entry point (e.g. https://dev.azure.com/{yourorganization}) into Azure DevOps where projects and supporting products are hosted.

Initial Configuration

• Remember an Owner for the organization is required.
• URL for logging into the new organization is https://dev.azure.com/{yourorganization}.
• Set Region where the organization is hosted.
• Connect your organization to Azure Active Directory
• Restrict Organization create to AAD Tenant

Permissions and Access

Review Security Permission Groups

Learn how to add users to your organization and manage user access through direct assignment.

Create Custom Security Permission Groups

• Create ADO Organization Administrator Group
• Create ADO Pipeline Group
• Create ADO Security Administrator Group
• Create ADO Boards Administrator Group

Create / Assign AAD Groups to Custom Security Permission Groups

Setup Billing for the Organization

If you need more than the free tier of resources in your organization, you can set up billing. When you set up billing you can also buy other features offered by Microsoft or other companies.

The free tier offers:

• First five users free (Basic license)
• Azure Pipelines:
  • One Microsoft-hosted CI/CD (one concurrent job, up to 30 hours per month)
  • One self-hosted CI/CD concurrent job
• Azure Boards: Work item tracking and Kanban boards
• Azure Repos: Unlimited private Git repos
• Azure Artifacts: Two GiB free per organization

If move than the above is required, billing will need to be setup for your organization.

Review Security Policies

Learn how to manage your organization’s security policies that determine how applications can access services and resources in your organization. You can access most of these policies in Organization Settings.

Setup Auditing and Monitoring

• Enable Log Audit Events
• Create Audit Stream to Event Grid / Azure Monitor or Splunk

Boards

Under the Organization Settings for Boards. The processes that are available for projects can be added, updated, deleted and/or disabled in this section. The initial processes that are available are:

• Basic (default)
• Agile
• Scrum
• CMMI

The default process for all new projects can also be set in this section. New Fields, Groups and Pages can be created for the different work item types in the processes. This is key for customizing for your organization.

Pipelines

Under the Organization Settings for Pipelines. There’re a number of options that need to be setup from an organizational perspective. Below are a couple of settings that can be set:

• Creation of classic build and release pipelines can be disabled.
• Marketplace tasks could be disabled.

This is a key area where Agent Pools need to be setup and managed for the organization. The 2 types of Agents Pools that need to be understood are:

• Microsoft Hosted Agent Pools
  • Can be used for Public deployments
• Self-Hosted Agent Pools
  • Needs to be used when deployments are private and for example go to resources that are private in a Virtual Network.

Repositories

Repositories the default branch name for repositories can for changed. This will affect all new repositories that get created. Currently this is defaulted to main

Preview Features

As new features are introduced, you can turn them on or off. That way, you can try them out, provide feedback, and work with the ones that meet your requirements. Some preview features provide access to entire new functionality. Others, such as the New Wiki experience, reflect a change to the user interface, but little or no change in functionality.