Merge pull request #89187 from curtand/devops0919

PRMerger13 · web-flow · commit 6c57a7f91d0f · 2019-09-19T16:29:49.000-07:00
[Azure AD roles] re-revert DevOps admin
diff --git a/articles/active-directory/users-groups-roles/directory-assign-admin-roles.md b/articles/active-directory/users-groups-roles/directory-assign-admin-roles.md
@@ -10,7 +10,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: users-groups-roles
 ms.topic: article
-ms.date: 09/05/2019
+ms.date: 09/20/2019
 ms.author: curtand
 ms.reviewer: vincesm
 ms.custom: it-pro
@@ -76,6 +76,12 @@ The Authentication administrator role is currently in public preview. This previ
 * Administrators in other services outside of Azure AD like Exchange Online, Office Security and Compliance Center, and human resources systems.
 * Non-administrators like executives, legal counsel, and human resources employees who may have access to sensitive or private information.
 
+### [Azure DevOps Administrator](#azure-devops-administrator-permissions)
+
+Users with this role can manage the Azure DevOps policy to restrict new Azure DevOps organization creation to a set of configurable users or groups. Users in this role can manage this policy through any Azure DevOps organization that is backed the company’s Azure AD organization.
+
+All enterprise Azure DevOps policies can be managed by users in this role.
+
 ### [Azure Information Protection Administrator](#azure-information-protection-administrator-permissions)
 
 Users with this role have all permissions in the Azure Information Protection service. This role allows configuring labels for the Azure Information Protection policy, managing protection templates, and activating protection. This role does not grant any permissions in Identity Protection Center, Privileged Identity Management, Monitor Office 365 Service Health, or Office 365 Security & Compliance Center.
@@ -489,6 +495,19 @@ Allowed to view, set and reset authentication method information for any non-adm
 | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Office 365 support tickets. |
 | microsoft.directory/users/password/update | Update passwords for all users in the Office 365 organization. See online documentation for more detail. |
 
+### Azure DevOps Administrator permissions
+
+Can manage Azure DevOps organization policy and settings.
+
+> [!NOTE]
+> This role has additional permissions outside of Azure Active Directory. For more information, see [role description](#azure-devops-administrator) above.
+>
+>
+
+| **Actions** | **Description** |
+| --- | --- |
+| microsoft.azure.devOps/allEntities/allTasks | Read and configure Azure DevOps. |
+
 ### Azure Information Protection Administrator permissions
 
 Can manage all aspects of the Azure Information Protection service.
