What's in this chapter?
When you first start looking at security, groups, and permissions in Team Foundation Server, you might find it very daunting. This is a large system with many different features. A large part of the customer base also demands fine-grained controls in order to meet compliance goals. Combined, these two features make managing security a sometimes tricky task.
However, by understanding some basic principles and avoiding some of the traps, Team Foundation Server security can be corralled to achieve your security objectives. This chapter examines those principles and provides the information you'll need to avoid common pitfalls.
The Visual Studio Online service provides the same core Team Foundation Server capabilities as does its on-premises counterpart. Where it diverges is in the security realm. As you will see later in this chapter, Team Foundation Server can work with Domain and Workgroup user accounts. The problem encountered with a cloud-based service is that there is no common Domain or Workgroup that can be called upon to provide authentication. To resolve this, Microsoft built the service's security model around the Microsoft account system (formerly Windows Live ID). This means that anyone that wishes to ...