Restrict public projects.

Why This Matters

Allowing public projects in your Azure DevOps organization exposes sensitive code, work items, and pipelines to anyone on the internet without authentication. This creates a significant attack surface where anonymous users can discover internal processes, vulnerabilities, or intellectual property. Administrators should restrict public projects to prevent unauthorized access and maintain strict control over their organization’s resources.

What Aether365 Checks

Aether365 verifies whether your Azure DevOps organization has the policy to restrict public projects enabled. This check appears in your Aether365 dashboard under the microsoft-365 checks category.