Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure DevOps Services
By default, any user in a Microsoft Entra tenant can create new Azure DevOps organizations. You can enable the Restrict organization creation policy to control this behavior. When you turn on this policy, only users and groups on the allowlist can create organizations. All other users, including Azure DevOps administrators, are blocked unless explicitly added to the allowlist.
Note
This policy only affects the creation of new organizations. It doesn't change access to existing organizations or affect their settings.
Prerequisites
| Category | Requirements |
|---|---|
| Permissions | Azure DevOps Administrator role in Microsoft Entra ID. |
Turn on the policy
To turn on the policy that restricts users from creating new organizations, follow these steps:
Sign in to your organization (
https://dev.azure.com/{Your_Organization}).Select
Organization settings.
Select Microsoft Entra ID, and then switch the toggle to turn on the policy, restricting organization creation.
Configure the allowlist and error message
After you enable the policy, you can manage which users and groups are allowed to create organizations, and customize the error message that blocked users see.
Add users or groups to the allowlist
Warning
We recommend using groups with your tenant policy allowlist. If you use a named user, a reference to the named user's identity resides in the United States, Europe (EU), and Southeast Asia (Singapore).
Users or groups on the allowlist can create organizations when you enable the Restrict organization creation policy. All other users, including Azure DevOps administrators, are blocked unless they're on this list.
To add a user or group to the allowlist:
- Go to Organization settings > Microsoft Entra ID.
- Under Allow list, select Add Microsoft Entra user or group.
- Search for and select the user or group, and then save your changes.
For more information, see Add organization users and manage access.
Customize the error message
You can change the error message that users see when they're blocked from creating an organization.
Go to Organization settings > Microsoft Entra ID.
Select Edit display message.
Enter your customized message, and then select Save.
The following image shows an example of a customized error message.
