Configure Managed DevOps Pools security settings

Important

Managed DevOps Pools is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

You can configure security setting for Managed DevOps Pools during pool creation by using the Security tab, and after pool creation by using the Security settings pane.

Configure organization access

Be default, Managed DevOps Pools are configured for a single organization, with access to the pool granted to all projects in the organization. You can optionally limit access to specific projects in the organization, and you can grant access to additional organizations if desired.

Use pool with a single organization

By default, Managed DevOps Pools is configured for use with a single Azure DevOps organization that you specify when you create the pool. When your pool is configured for a single organization, the organization name is displayed and configured in Pool settings

By default, Add pool to all projects is set to Yes, and access to the Managed DevOps Pool is granted to all projects in the organization. Choose No to specify a list of projects to limit which projects in your organization can use the pool.

Screenshot of configuring projects for a single organization.

Use pool in multiple organizations

Enable Use pool in multiple organizations to use your pool with multiple Azure DevOps organizations. For each organization, specify the projects that are permitted to use the pool, or leave blank to allow all projects. Configure the Parallelism for each organization by specifying what portions of the concurrency, as specified by Maximum agents for the pool, to allocate to each organization. The sum of the parallelism for all organizations must equal the maximum concurrency of the pool. For example, if Maximum agents is set to five, the sum of the parallelism for the specified organizations must be five. If Maximum agents is set to one, you can only use the pool with one organization.

In the following example, the pool is configured to be available for the FabrikamResearch and FabrikamTest projects in the fabrikam-tailspin organization, and to all projects in the fabrikam-blue organization.

Screenshot of configuring multiple organizations.

If you receive an error like The sum of parallelism for all organizations must equal the max concurrency., ensure that the Maximum agents count for the pool matches the sum of the Parallelism column.

Configure interactive mode

If your tests need an interactive login for UI testing, enable interactive login by enabling the EnableInteractiveMode setting.

Screenshot of configuring interactive mode.

Pool administration permissions

As part of the Managed DevOps Pool creation process, an organization level agent pool is created in Azure DevOps. The Pool administration permissions setting specifies which users are granted the administrator role of the newly created Azure DevOps pool.

Screenshot of configuring pool administration permissions.

  • Creator only - The user that created the Managed DevOps Pool is added as an administrator of the Azure DevOps agent pool, and Inheritance is set to Off in the agent pool security settings. Creator only is the default setting.
  • Inherit permissions from project - The user that created the Managed DevOps Pool is added as an administrator of the Azure DevOps agent pool, and Inheritance is set to On in the agent pool security settings.
  • Specific accounts - Specify the accounts to be added as administrators of the created agent pool in Azure DevOps. By default the Managed DevOps Pool creator is added to the list.

Note

Pool administration permissions is configured on the Security tab when the pool is created, and are not displayed in the Security settings after the pool is created. To view and manage the Azure DevOps agent pool permissions after the Managed DevOps Pool is created, see Create and manage agent pools - Security of agent pools.

See also