change-application-access-policies.md

title	titleSuffix	ms.custom	description	ms.prod	ms.technology	ms.assetid	ms.topic	ms.manager	ms.author	author	ms.date	monikerRange
Change application access policies for organizations	Azure DevOps Services	seodec18	Learn how to change application access policies for your organization, so you don't have to enter user credentials multiple times	devops	devops-accounts	2fdfbfe2-b9b2-4d61-ad3e-45f11953ef3e	conceptual	jillfra	chcomley	chcomley		azure-devops

Change application access policies for your organization

[!INCLUDE version-vsts-only]

You can change your application access policies for your organization in Azure DevOps. Azure DevOps offers the capability for other apps to integrate with its services and resources in your organization. To access your organization without asking for user credentials multiple times, apps can use the following authentication methods:

• OAuth to generate tokens for accessing REST APIs for Azure DevOps Services and Team Foundation Server. The Organizations and Profiles APIs support only OAuth.

• Alternate credentials as a single set of credentials across all tools that don't have plug-in, extension, or native support. For example, you can use basic authentication to access REST APIs for Azure DevOps, but you must turn on alternate credentials.

• SSH authentication to generate encryption keys when you use Linux, macOS, or Windows running Git for Windows and can't use Git credential managers or personal access tokens for HTTPS authentication.

• Personal access tokens to generate tokens for:

  • Accessing specific resources or activities, like builds or work items
  • Clients like Xcode and Nuget that require usernames and passwords as basic credentials and don't support Microsoft account and Azure Active Directory features like multi-factor authentication
  • Accessing REST APIs for Azure DevOps

By default, your organization allows access for all authentication methods. You can limit access, but you must specifically restrict access for each method. When you deny access to an authentication method, no app can use that method to access your organization. Any app that previously had access gets an authentication error and can't access your organization.

To remove access for personal access tokens, you must revoke them.

To continue, you'll need at least Basic access and organization owner permissions. How do I find the organization owner?

Change application access policies

1. Sign in to your organization (https://dev.azure.com/{yourorganization}).

2. Choose Organization settings.

   

3. In the Policy tab, review your application connection settings. Change these settings, based on your security policies.

   

   [!Note] Anonymous access is used to access both private and public repos. Learn more at Make your project public.

Related articles

• Need help?
• Assign access levels and extensions by group membership
• Manage conditional access