Is it possibile to use Azure DevOps Server on premises with Azure Active Directory?

Question

After reading this documentation https://learn.microsoft.com/en-us/azure/devops/organizations/security/about-permissions?view=azure-devops-2020&tabs=preview-page#active-directory-and-azure-active-directory-security-groups it seems that Azure DevOps Server on premises can be used only with Active Directory but not with Azure Active Directory. Is it correct? Is there a way to use Azure DevOps Server with Azure Active Directory?

Answer 1

• You are right, as on-premises Azure DevOps Server, is built on a SQL
  Server back end which can work with on-prem AD .
• Azure ad authentication for on prem directly is not feasible as it is cloud based and involves azure based sql .

Note: On-premise SQL Server only supports Windows Authentication and SQL Server Authentication. Windows authentication depends on Kerberos (or NTLM), which needs an Active Directory domain to authenticate the user in. Azure Active Directory does not handle Kerberos tokens.

• But we can opt to migrate devops server to azure devops services to work with AAD .Migration is when one wants to completely move to cloud and it involves complex process as database/hardware is involved.
• If one wants to continue on premise server to use existing on-premises identities with Azure DevOps, you can integrate directories with Azure AD by using Azure AD Connect which connects an organization’s on-prem Active Directory instance and cloud-based azure active directory.It involves On prem users to be mapped to AAD tenant.

Please refer this Document.

Other References:

1. PTA
2. Migrate - Azure DevOps | Microsoft Docs