| title | Restrict administrators from inviting new users |
|---|---|
| titleSuffix | Azure DevOps Services |
| description | Learn how to manage the policy that allows Team and Project Administrators to invite new users to Azure DevOps Services. |
| ai-usage | ai-assisted |
| ms.assetid | |
| ms.topic | how-to |
| ms.subservice | azure-devops-security |
| ms.author | chcomley |
| author | chcomley |
| monikerRange | azure-devops |
| ms.date | 03/09/2026 |
[!INCLUDE version-eq-azure-devops]
By default, all administrators can invite new users to their Azure DevOps organization. When you disable this policy, Team and Project Administrators can't invite new users or add Microsoft Entra groups. However, Project Collection Administrators (PCAs) can still add new users and Microsoft Entra groups to the organization regardless of the policy status. Additionally, if a user is already a member of the organization, Project and Team Administrators can add that user to specific projects.
| Category | Requirements |
|---|---|
| Permissions | Member of the Project Collection Administrators group. Organization owners are automatically members of this group. |
| Microsoft Entra | Member in the destination Microsoft Entra ID. For more information, see Convert a Microsoft Entra guest into a member. |
-
Sign in to your organization (
https://dev.azure.com/{yourorganization}). -
Select
Organization settings.
-
Under Security, select Policies, and then move the toggle to off.
:::image type="content" source="media/user-policy-invite-new-users.png" alt-text="Screenshot showing the policy toggle to limit Team and Project Administrators from inviting new users.":::
Now, only Project Collection Administrators can invite new users to Azure DevOps.
Note
Project and Team Administrators can add users directly to their projects through the permissions blade. However, if they attempt to add users through the Add Users button located in Organization settings > Users, they can't see it. Adding a user directly through Project settings > Permissions doesn't automatically add the user to the Organization settings > Users list. The user must sign in to the system for the user to appear in the Users list.