Skip to content

Commit ce8b47a

Browse files
snicklezzzsnicklezzz
committed
added note to clarify resource provider scope for DevOps policy exemptions
1 parent 4215c5d commit ce8b47a

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

articles/defender-for-cloud/quickstart-onboard-devops.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,13 @@ To complete this quickstart, you need:
3737
> [!NOTE]
3838
> **Security Reader** role can be applied on the Resource Group/Azure DevOps connector scope to avoid setting highly privileged permissions on a Subscription level for read access of DevOps security posture assessments.
3939
40+
> [!NOTE]
41+
> The Azure DevOps connector is created under the `Microsoft.Security/securityConnectors` resource type.
42+
>
43+
> Defender for DevOps also uses additional resources under the `Microsoft.Security` resource provider (for example, security assessments).
44+
>
45+
> For governance scenarios that use tenant-level policy exemptions, scope exemptions to `Microsoft.Security/*` to ensure full Defender for DevOps functionality.
46+
4047
## Connect your Azure DevOps organization
4148

4249
> [!NOTE]

0 commit comments

Comments
 (0)