Auditing for Azure DevOps is now in Public Preview
We’re excited to announce that Auditing for Azure DevOps is now available for all organizations as a Public Preview! As Azure DevOps keeps growing and is adopted by enterprises, our customers have been demanding for the ability to monitor activities and changes throughout their organizations.
When an auditable event occurs, a log entry is recorded. These events may occur in any portion of Azure DevOps; some examples of auditable events include: Git repository creations, permission changes, resource deletions, code downloads, accessing the auditing feature, and much more.
The audit events include information such as who caused the event to be logged and their IP, what happened, and other useful details that can help you answer the who, what, when, and where questions.
We will be working over the next few months on enhancing auditing with new features. In the next quarter we’ll be working on a streaming feature which will allow you to send your logs to first and third party Security Incident and Event Management (SIEM) tools. The use of these tools along with auditing will give you more transparency into your workforce and allow for anomaly detection, trend visualization, and more!
The auditing feature can be found under the Organizations settings. For more information, see our documentation.
We’d love to hear your feedback as we continue to move towards making this feature generally available! You can share your thoughts directly with the product team using @AzureDevOps, Developer Community, or comment on this post.
I don’t see Git/code audit events in the logs today even though you mention them in this post and they are mentioned in the documentation. Are they not available yet?
Hi @Brian, Thanks for your question, we have added a few Git events that will become available with the Sprint 154 Update, please keep tunned as we continue adding more events.
This news is awesome. As an administrator for one of those ‘enterprise customers’ looking after 2000 users is not easy. But this improvement will help us alot… when it is available for on-prem too 😉
I would love to push this priority for DevOps Server to high position, but how could I (my company) ?
Looks like on-prem support is on the roadmap for 2019.1
Hey Christoph – We’re happy to hear that you’re exicted for this feature! Bringing this on-prem is still very much on our radar. I’m hopeful that we’ll have a better timeline for that later on this quarter. Until then, please feel free to try out auditing in an organization on the hosted product and let us know if you have any additional feedback!
Hi Christoph, thanks for reaching out, by sharing your opinion you are influencing the way me team prioritizes new features, please keep providing feedback. Streaming being a highly requested one is our immediate priority, on-prem Auditing is more of a longer term goal.
Hi,I cannot understand why such a basic feature is not available yet; the product is 13 years old and I still cannot find who deleted an iteration two days ago.So +1 for on-premises
Hey Daniel – Thanks for your feedback. We’re working hard to build out the set of auditing events that we log and building in a streaming capability over the next quarter. Bringing this on-prem is still very much on our radar. I’m hopeful that we’ll have a better timeline for that later on this quarter. Until then, please feel free to try out auditing in an organization on the hosted product and let us know if you have any additional feedback!
This is nice feature which i was looking for a while. Right now we can download the events to excel , is there any plan to implement trigger notifications to slack / email during changes in security area. Also, it would be nice if we can have filters for columns.
thanks is very helpful karbarwp-web-design
We have the same question, are there plans to include a service hook / trigger notifications – based on auditing events?
This would help us automate governance better. Thanks!
Hi! When will we see a native integration with Azure Sentinel for this? I really really want it. 🙂
Hi I don’t see any logs related to Azure Repos in the Auditing logs. In the above article and documentation you mentioned about code downloads. I really wanted to know if it is possible to get detailed information on who downloaded as zip and/or cloned the code from azure repos. Are they available?
We love that and we’ve already automated querying Azure DevOps audit logs and inserting them into Log Analytics Workspace. KQL is powerful. It’s not a problem now to have a full picture of what’s going on.