Connecting to Azure Repos (DevOps)

Making the initial connection to Azure Repos (DevOps)

Written by Ashley Hyman
Updated over a week ago

HERE'S WHY

Connecting Azure Repos (DevOps) to Drata enables automated tests and evidence collection that prove to auditors that your company follows its software development lifecycle procedures.

BEFORE DIVING IN

You should already be signed in to Microsoft 365; otherwise you will be prompted to sign in when you connect from Drata. You must also have an Azure DevOps Admin account with Read access to the organization and projects.

Take note:
Azure-created Service Accounts may show up in Drata with this integration, if Microsoft 365 is your Identity Provider.

There are a few service accounts that are generated by Microsoft Repos to support specific operations. These user accounts are added at the organization or collection level.

  • "Agent Pool Service", which is responsible for performing Azure DevOps read/write operations and updating work items when GitHub objects are updated.

  • "PipelinesSDK", which is similar to the build service identities but supports locking down permissions separately. This identity is granted read-only permissions to pipeline resources and the one-time ability to approve policy requests.

HERE'S HOW

Follow these instructions to connect Azure Repos (DevOps) to Drata:

1. Select "Connections" on the side navigational menu.

2. Select the "Available connections" tab, search for "Azure Repos (DevOps)", and select the Connect button for the Azure Repos (DevOps) integration.

The slide-out panel will provide step-by-step instructions (see below).

MANAGED VERSION CONTROL ACCOUNTS

Upon initial connection, Drata will sync your Azure DevOps Repos users onto the Managed Accounts page. There can be delays from the Microsoft API in syncing all users, so please wait a few minutes before verifying all user accounts have synced. In addition, please ensure you have toggled the setting for "Third-party application access via OAuth" to ON under Organization Settings -> Policies.
