Protect your projects, code, and data in the cloud

    Visual Studio Team Services (Team Services) is Microsoft’s cloud-hosted set of tools for planning, developing, and managing software projects. Based on the capabilities of Team Foundation Server (TFS) with additional cloud services, Team Services manages your source code, work items, builds, tests, and much more. Team Services uses Microsoft Azure’s Platform as a Service (PaaS) infrastructure and many of Azure’s services, including Azure SQL databases, to deliver a reliable, globally available service for your development projects.

    With Team Services, developing in the cloud doesn’t mean putting your projects at risk. Team Services can use Azure Active Directory (AAD) to securely authenticate users and control access to your team’s critical resources. You can manage permissions for your Team Services account by adding AAD groups to your Team Services, and set access levels to determine the features account members can use.

    Secure identity

    Team Services uses Azure Active Directory (AAD) or Microsoft accounts for identity management and to authenticate users. AAD simplifies authentication by providing identity as a service while giving you control to manage user identities and credentials and ensure that only authorized users access the resources they need.

    AAD performs authentication, authorization, and access control, and supports industry-standard protocols. AAD supports multi-factor authentication and single sign-on across cloud services. With Azure MFA, you can require users to verify their sign-ins via mobile app, phone call, or text message. You can use built-in groups in Team Services, and set up your own groups to control access to team projects and collections. You can grant or restrict access with DevOps permissions, work item tracking permissions, and team admin roles and permissions.

    Arrow | Navigate to controlling access to Team Services with AADLearn more about controlling access to Team Services with AAD.

    Secure infrastructure

    Team Services is hosted in Azure datacenters and uses Azure's Platform as a Service offering for much of its infrastructure. PaaS automatically provides regular updates for known security vulnerabilities. Using AAD allows your IT department to manage its end-user access policy, including password complexity, password refreshes and expiration if the user leaves your organization.

    Team Services uses many of the core Azure services, including Compute, Storage, Networking, SQL Database, Identity and Access Management Services, and Service Bus. Azure has a distributed denial of service (DDoS) defense system that helps prevent attacks against our service. It uses standard detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits. The system is designed to withstand attacks not only from the outside but also from within Azure. When Team Services hosts virtual machines in Azure using its Infrastructure as a Service (IaaS) offering—such as for the Hosted Build service—those images include the latest security patches available from Windows Update.

    Arrow | Navigate to Team Services and TFS security featuresLearn more about the Team Services and TFS security features.

    Threat management

    To ensure that activities within the service are legitimate, and to detect breaches or attempted breaches, Team Services leverages Azure's infrastructure and security mechanisms. Team Services live-site management processes focus on service health and customer experience, and minimize the time required to detect, respond to, and mitigate impacting issues. Microsoft conducts regular security-focused penetration testing of Team Services, using the same techniques and mechanisms as real malicious attackers, to identify real-world vulnerabilities, configurations errors, or other security gaps.

    Physical security

    Team Services is deployed on Microsoft Azure in Microsoft datacenters, which are protected by layers of defense-in-depth security that include perimeter fencing, video cameras, security personnel, secure entrances, and real-time communications networks, continuing through every area of the facility to each physical server unit.

    Arrow | Navigate to virtual datacenter tourLearn more about Microsoft’s global datacenters, take a virtual datacenter tour.

    Secure apps and data

    Team Services encrypts data in transit between the user and the service, as well as all connections to Azure Storage and SQL databases, to preserve data integrity. Team Services enables Transparent Data Encryption (TDE) on the SQL databases it uses to protect against the threat of malicious activity by performing real-time encryption of the database, associated backups, and transaction log files at rest.

    Microsoft Team Services uses Azure Storage as the primary repository for service metadata and customer data. Depending on the type of data and the storage and retrieval needs, we use Azure Blob (binary large objects) storage and Azure SQL data storage. Data is encrypted with HTTPS/SSL and TDE. Activities are logged, and real-time alerts detect intrusion. Access to customer data is restricted to level of least privilege. Administrators can manage access to resources by granting or restricting permissions on user identities or groups. Data redundancy and point-in-time backups protect against data loss.

    Arrow | Navigate to how Visual Studio Team Services protects your dataLearn more about how Visual Studio Team Services protects your data.