AzureDevOps Server 2020 with Azure Application Proxy

Copper Contributor

Hi,

 

we want to migrate to Azure DevOps Server 2020 and prepared the complete system. It is working perfect in the own company domain. But we have an additional requirement, that external developers and partners could also work in the company Azure DevOps Server environment. And it should use MultiFactorAuthentication (MFA)


We tested Azure Application Proxy, but we have different problems.
Pre-Authentication: 

  1. Azure Active Directory
    • Browser WebGui isn't showing the complete content, because iFrames are not working correct (perhaps different url's then, because Azure DevOps Server has his own internal base Url)
    • VisualStudio can't access the Url. Seems like a MFA problem. We have tested the helpside of Microsoft documentation, but the visualstudio option didn't help.
  2. Passthrough
    • WebGui has no MFA security and same problem with missing content.
    • VisualStudio can access the Url, but we dont have MFA anymore.

Have someone experience with AzureDevOpsServer (on-premise) and external access ?
We can't migrate to Azure DevOps easily, because Toolchain must be validated in a medical environment.

1 Reply

@HeikeHofmann To set up external access, you need to configure your network and firewall to allow incoming connections to the Azure DevOps Server, and then configure the Azure DevOps Server to accept connections from external clients. The exact steps to configure external access vary depending on the specific network and firewall configurations, but typically involve opening specific ports, creating firewall rules, and configuring a URL for external access.

It's important to keep in mind that setting up external access for an on-premise Azure DevOps Server can introduce security risks, so it's important to follow best practices for securing the server and data. This may include using SSL certificates, using secure authentication methods, and monitoring network traffic for suspicious activity.