Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This guide discusses how to use Microsoft tools to export or delete personal data collected during an authenticated (signed-in) session of Azure DevOps Services (formerly known as Visual Studio Team Services).
For GDPR terminology definitions, see General Data Protection Regulation. For information about Microsoft's role as a data processor, see Microsoft as data processor.
For general DSR process information, see Data Subject Requests and the GDPR and CCPA. For general information about GDPR, see the GDPR section of the Service Trust portal.
Additional privacy information
The Microsoft Privacy Statement, Online Services Terms (OST), and Microsoft's GDPR Commitments articles describe our data processing practices.
Personal data we collect
Microsoft collects data from users to operate and improve Azure DevOps Services. Azure DevOps Services collects two categories of data – customer data and system-generated logs. Customer data includes user-identifiable transactional and interactional data that Azure DevOps Services needs to operate the service. System-generated logs include service usage data that is aggregated for each product area and feature.
Delete Azure DevOps data
Azure DevOps, as a system for managing changes, must comply with strict rules for data integrity, traceability, and auditing. These obligations influence Microsoft's responsibilities for data deletion and retention under GDPR, and for this reason, Microsoft does not fulfill individual requests for anonymization or deletion. The only method to eliminate personal data from Azure DevOps is by completely deleting the organization. Terminating the Microsoft Entra ID or Microsoft Account (MSA) identity account doesn't alter or delete any artifacts or records associated with the individual identity within the Azure DevOps organization, for example, your pull requests or work items. When you delete an Azure DevOps organization, all associated personal data is removed and system-generated logs are anonymized after the compulsory 30-day soft-delete timeframe.
Export Azure DevOps data
Controllers can export customer data and system-generated logs collected from their data subjects by one of two methods, depending upon the identity provider (MSA or Microsoft Entra ID) used to sign in to the Azure DevOps service.
Users that authenticate by using an account that is backed by an Azure tenant, for example, Microsoft Entra account or MSA account associated with an Azure subscription, can follow the instructions in Azure Data Subject Requests for the GDPR.
Users that authenticate by using an MSA identity can use this Privacy Request site to view activity data tied to their MSA identity across multiple Microsoft services. In this scenario, the user is a controller for their own personal data.
Export or delete issues
For Microsoft Entra identities, if you run into issues while exporting or deleting data from the Azure portal, go to the Azure portal Help + Support blade and submit a new ticket under Subscription Management > Privacy and compliance requests for Subscriptions > Privacy Blade and GDPR Requests.
For MSA identities, if you run into issues while exporting data from the Privacy Request site, sign in to the Privacy Request site and submit a request for help from the Microsoft Privacy team via the request webform.
Learn more
Microsoft is committed to ensuring that your Azure DevOps Services data remains secure and private. Visit the Azure DevOps Services data protection overview whitepaper to learn more about how Microsoft protects your Azure DevOps Services data.