Need to restrict access to Azure DevOps Git Repository from outside the company intranet

Right now at this phase of project we are doing some POCs and kept our code in Azure DevOps Repository from where we trigger our CI/CD build and release pipelines. But the problem is the code from the Azure Repository can be downloaded anywhere (even on one’s own personal laptop) by the person who has access to Azure DevOps. We want that one should not be able to work with Azure DevOps Repository or Azure DevOps Git Repository from outside the company intranet. For that we need some solutions. We have been thinking on some options like 1) Having our codebase in GitHub Enterprise which will be installed and configured in an Azure VM. OR 2) Put IP address restrictions such that IP addresses which fall outside company intranet can’t access Azure DevOps at all.

Could anyone validate which option we should go for or suggest any better option if available. The option should also be cost effective. Will GHE be a better long term solution?

2 Likes

You can use azure AD conditional access to limit the IP ranges from which azure devops may be accessed. You could also self-host azure devops server on-premises. And of course GHE.

I would say 1 would be the most cost effective solution, it does require azure ad p1 licenses to use conditional access.