nerdexam
Microsoft

AZ-400 · Question #516

SIMULATION Navigate to https://dev.azure.com, select Start Free, and specify the following credentials: - User: [email protected] - Password: 0123456789 Use the default setting to sign up f

Azure DevOps: Add External User as Stakeholder Overall Goal This task tests your ability to manage Azure DevOps organization access control - specifically, inviting an external user with the least privileged access level (Stakeholder). In enterprise environments, you frequently n

Submitted by cyberguy42· Mar 6, 2026Develop a security and compliance plan

Question

SIMULATION Navigate to https://dev.azure.com, select Start Free, and specify the following credentials: - User: [email protected] - Password: 0123456789 Use the default setting to sign up for Azure DevOps and create an Azure DevOps organization. Once the organization is created, create a private project named Project1. You need to add an external user that has an email address of User2- [email protected] as a stakeholder of the User1-12345678 Azure DevOps organization. The user must be added to the most restrictive Azure DevOps group. To complete this task, sign in to the Azure DevOps portal as [email protected]. Answer:

Exhibit

AZ-400 question #516 exhibit

Explanation

Azure DevOps: Add External User as Stakeholder

Overall Goal

This task tests your ability to manage Azure DevOps organization access control - specifically, inviting an external user with the least privileged access level (Stakeholder). In enterprise environments, you frequently need to give non-developers (managers, clients, auditors) limited visibility into projects without granting full contributor rights.


Step-by-Step Breakdown

Steps 1-3: Navigate to dev.azure.com and sign in You must authenticate as the organization owner (User1). Azure DevOps ties organizations to Microsoft accounts, so you cannot create or manage an org without first being signed in as the correct user. Signing in as the wrong user would create the org under the wrong identity.

Step 4: Create the Azure DevOps organization The organization is the top-level container for all projects, users, and billing. It must exist before you can create projects or manage users. Using default settings avoids misconfiguration (region selection affects latency but defaults are acceptable for exam purposes).

Step 5: Create a private project named Project1 The project must be private - this ensures external users cannot access it without an explicit invitation. A public project would undermine the access control you're about to configure. The project must exist before you can assign users to it.

Step 6: Add User2 as a Stakeholder to the organization

This is the core of the task. Key details:

  • Navigate to Organization Settings -> Users -> Add users
  • Enter [email protected]
  • Set Access level = Stakeholder
  • Add to the "Project Stakeholders" group (or the default Stakeholder group - this is the most restrictive built-in group)

Why Stakeholder is the most restrictive group: Azure DevOps has three access levels in ascending order of privilege:

LevelCan do
StakeholderView work items, submit feedback, limited read access
BasicFull work item access, code read, pipelines
Basic + Test PlansEverything above + test management

Stakeholder is free and intentionally limited - no code access, no pipeline runs.


What Goes Wrong if Steps Are Skipped/Reordered

MistakeConsequence
Adding user before creating the orgNo org exists to add them to
Setting project to PublicExternal user has access without invitation - defeats the purpose
Adding user as Basic instead of StakeholderFails the "most restrictive group" requirement - exam marked wrong
Adding user to a project group instead of the orgUser may not appear as an org-level stakeholder

Key Tip for Remembering

"Least privilege = Stakeholder" - In any Azure DevOps question asking for the most restrictive access, the answer is always Stakeholder. It's the only free tier and has no code/pipeline permissions. Think: a stakeholder in business has interest but no hands-on involvement - same concept here.

The exam specifically tests whether you know to add the user at the organization level (not just the project level) and choose Stakeholder (not Basic, which is the default when you click "Add").

Topics

#Azure DevOps organization#User management#Access control#Stakeholder role

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice