Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Restrict organization creation
Azure DevOps Services
By default, any user in a Microsoft Entra tenant can create new Azure DevOps organizations. You can enable the Restrict organization creation policy to control this behavior. When you turn on this policy, only users and groups on the allow list can create organizations. All other users, except for Azure DevOps administrators, are blocked unless explicitly added to the allow list.
Note
This policy only affects the creation of new organizations. It doesn't change access to existing organizations or affect their settings.
Prerequisites
| Category | Requirements |
|---|---|
| Permissions | Azure DevOps Administrator role in Microsoft Entra ID. |
Turn on the policy
To turn on the policy that restricts users from creating new organizations, follow these steps:
Sign in to your organization (
https://dev.azure.com/{Your_Organization}).Select 👁 Screenshot shows the gear icon.
Organization settings.👁 Screenshot showing highlighted Organization settings button.
Select Microsoft Entra ID, and then switch the toggle to turn on the policy, restricting organization creation.
👁 Screenshot shows highlighted toggle for Restrict organization creation.
Configure the allow list and error message
After you enable the policy, you can manage which users and groups are allowed to create organizations, and customize the error message that blocked users see.
Add users or groups to the allow list
Warning
We recommend using groups with your tenant policy allow list. If you use a named user, a reference to the named user's identity resides in the United States, Europe (EU), and Southeast Asia (Singapore).
When you enable the Restrict organization creation policy, users or groups on the allow list can create organizations. All other users, except for Azure DevOps administrators, are blocked unless they're on this list.
To add a user or group to the allow list:
- Go to Organization settings > Microsoft Entra ID.
- Under Allow list, select Add Microsoft Entra user or group.
- Search for and select the user or group, and then save your changes.
For more information, see Add organization users and manage access.
Customize the error message
You can change the error message that users see when they're blocked from creating an organization.
Go to Organization settings > Microsoft Entra ID.
Select Edit display message.
Enter your customized message, and then select Save.
The following image shows an example of a customized error message.
👁 Screenshot shows customized error message.
Related content
Feedback
Was this page helpful?