Connecting Azure DevOps activity logs to Defender for Cloud Apps

The relationship between Azure DevOps (dev.azure.com) and Azure Active Directory and its conditional access policy is interesting if you have the DevOps portal connected to AAD.

CAP policy appears to apply to Azure DevOps if applied to the Azure Management Portal itself.

I am looking for a way to get log activity from Azure DevOps to Defender for Cloud Apps for analytics of suspicious insider behaviors (mass downloads, for example).

The normal connection methods don't quite seem to apply?

Any help would be great.

2 Replies

Hi @JesseDemaree

Did you have any luck getting this done? I am trying to configure conditional access for DevOps but couldn't find anything.

From what I have seen, any CAP you apply to the Azure Management Portal (app in CAP) applies to Azure DevOps access. This is despite there being an application in the conditional access policy app selector menu for Azure DevOps explicitly.

I am not sure WHY it does that but it complicates splitting the two services from an access model perspective. I have had to split role-based access configs for some folks to limit data-level access in the portal to reduce risk.