
Microsoft Visual Studio Team Services

Visual Studio Team Services supports your security, privacy and compliance needs.

Protect your projects, code, and data in the cloud

Visual Studio Team Services (Team Services) is Microsoft’s cloud-hosted set of tools for planning, developing, and managing software projects. Based on the capabilities of Team Foundation Server (TFS) with additional cloud services, Team Services manages your source code, work items, builds, tests, and much more. Behind the scenes, Team Services uses the Microsoft Azure Platform as a Service (PaaS) infrastructure and many Azure services, including Azure SQL databases, to deliver a reliable, globally available service for your development projects.

With Team Services, developing in the cloud doesn’t mean putting your projects at risk. Team Services can use Azure Active Directory to securely authenticate users and control access to your team’s critical resources. You can manage permissions for your Team Services account by adding Azure Active Directory groups to it, and set access levels to determine the features that your team members can use.

Team Services uses Azure Active Directory or Microsoft accounts for identity management and to authenticate users. Azure AD simplifies authentication by providing identity as a service while giving you control to manage user identities and credentials and ensure that only authorized users access the resources they need.

Azure AD performs authentication, authorization, and access control, and supports industry-standard protocols. It supports multi-factor authentication and single sign-on across cloud services. With Azure Multi-Factor Authentication, you can require users to verify their sign-in via mobile app, phone call, or text message. You can use built-in groups in Team Services, and set up your own groups to control access to team projects and collections. You can grant or restrict access with DevOps permissions, work item tracking permissions, and team admin roles and permissions.


Team Services encrypts data in transit between the user and the service, as well as all connections to Azure Storage and SQL databases, to preserve data integrity. Team Services enables Transparent Data Encryption (TDE) on the SQL databases it uses to protect against the threat of malicious activity by performing real-time encryption of the database, associated backups, and transaction log files at rest.

Team Services uses Azure Storage as the primary repository for service metadata and customer data. It uses Azure Blob (binary large objects) storage and Azure SQL data storage, depending on the type of data and the storage and retrieval needs. Data is encrypted with HTTPS/SSL and TDE. Activities are logged, and real-time alerts detect intrusion. Access to customer data is restricted to the level of least privilege. Administrators can manage access to resources by granting or restricting permissions on user identities or groups. Data redundancy and point-in-time backups protect against data loss.


Team Services is hosted in Azure datacenters and uses the Azure PaaS offering for much of its infrastructure. PaaS automatically provides regular updates for known security vulnerabilities. By using Azure AD, your IT department can manage its end-user access policy, including password complexity, refreshes, and expiration, when users leave your organization.

Team Services uses many of the core Azure services, including Compute, Storage, Networking, SQL Database, Identity and Access Management Services, and Service Bus. Azure has a distributed denial-of-service (DDoS) defense system that helps prevent attacks against our service. It uses standard detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits. The system is designed to withstand attacks not only from the outside but also from within Azure. When Team Services hosts virtual machines in Azure using its Infrastructure as a Service (IaaS) offering—such as for hosted pipelines in the Build and Release service—those images include the latest security patches available from Windows Update.


Threat management

To ensure that activities within the service are legitimate, and to detect breaches or attempted breaches, Team Services uses the Azure infrastructure and security mechanisms. Team Services live site management processes focus on service health and customer experience, and minimize the time required to detect, respond to, and mitigate disruptive issues. Microsoft conducts regular security-focused penetration testing of Team Services, using the same techniques and mechanisms as real malicious attackers, to identify real-world vulnerabilities, configuration errors, or other security gaps.

Physical security

Team Services is deployed on Azure in Microsoft datacenters, which are protected by layers of defense-in-depth security that include perimeter fencing, video cameras, security personnel, secure entrances, and real-time communications networks, continuing through every area of the facility to each physical server unit.
