How to see who deleted a project in Azure DevOps
One of projects in Azure DevOps has been deleted (actually partially - repositories, pipelines, permissions were removed, but the project still exists). I have turned on Audit Logs and found below row, that initialized the removal:
Timestamp: <i>(removed)</i>
Id: <i>(removed)</i>
CorrelationId: <i>(removed)</i>
ActivityId: <i>(removed)</i>
ActorCUID: 00000000-0000-0000-0000-000000000000
ActorUserId: 00000002-0000-8888-8000-000000000000
ActorClientId: 00000000-0000-0000-0000-000000000000
ActorUPN: Azure DevOps Service
AuthenticationMechanism:
ScopeType: Organization
ScopeDisplayName: <i>(removed)</i>
ScopeId: <i>(removed)</i>
ProjectId: <i>(removed)</i>
ProjectName:
IpAddress:
UserAgent: TFS JobAgent(TfsJobAgent.exe, 19.242.35214.3)
ActionId: Project.HardDeleteQueued
Data: {"PreviousProjectName":"<i>(removed)</i>"}
Details: <i>(removed)</i> project deletion was started
Area: Project
Category: Remove
CategoryDisplayName: Remove
ActorDisplayName: Azure DevOps Service
How to discover who deleted the project? How do I know who triggered the Azure DevOps Service, which then triggered the deletion?
Thank you in advance for any hints.
In Azure DevOps, the Audit log not only records the operations of Organization users, but also records the operations of background services (Actor is usually displayed as Azure DevOps Service).
From the audit log you shared, it shows the action: Project.HardDeleteQueued. Soft deletion of a project is performed by Organization users, but hard deletion is performed automatically by the background service 28 days after the soft deletion by default. So it shows that the actor is Azure DevOps Service.
How to discover who deleted the project? How do I know who triggered the Azure DevOps Service, which then triggered the deletion?
To discover who deleted the project, you can search for the action: Project.SoftDeleteQueued with the target project name in the Audit log(Especially the records of the 28 days before Project hard delete).
For example:
The user who executes the project softdelete operation is the actual user who deletes the project.
The operation that triggers the hard deletion of a project in azure devops services is automatically done after 28 days. Therefore, we cannot see the organization user who triggered it in the audit log.
For more detailed info, you can refer to this doc: Access, export, and filter audit logs
Audit changes occur whenever a user or service identity within the organization edits the state of an artifact.
- .Net Azure Function app publish does not generate a bin folder
- Git cleanup/garbage collection on remote Azure DevOps git repository
- Run build only on approval
- yaml pipeline: How to use a build artifact generated in a previous build
- How to resolve eslint errors due to use of the html() method in jquery libraries when running security scans with Github advanced security?
- Preview state of azure pipeline yaml after supplying it with runtime parameters
- Azure pipelines submodules clone failed
- Azure DevOps : how to disable CI trigger on a YAML template pipeline?
- In Azure Dev Ops, given a branch name, how I do I get the corresponding Pull Request (if one exists)
- How to see who deleted a project in Azure DevOps
- remove a required reviewer from Azure Devops
- ios azure pipeline build fails with build with error no team ID found in the archive
- Consuming private NuGet feed hosted on GitHub from an Azure Devops pipeline
- Error 500 while creating Azure DevOps server connector in Microsoft teams
- Azure Dev-Ops - Stages and Variable Groups
- Adding additional boards in Azure Devops
- AZDO API - Get Pull Request for Builds
- Get project on the same level for deploy
- Images not showing Azure Devops repository README when .md is rendered from R markdown
- AzureDev Repos, how to change target for pull request
- how to use npmauthenticate step within azure dev-ops pipeline and not invalidate docker cache
- create a PR request in azure build pipeline
- I want to detect in the client-side script that I have gotten a 401 error when fetching data with bad PAT (Using Azure DevOps REST API)
- The service connection does not exist or has not been authorized for use
- Use git tag or package.json version as Release name in VSTS
- Is there a way to run Azure Pipelines configurations locally to see their output?
- MSBuild Exclude Project when DeployOnBuild flag is set to true
- How do I run an Azure DevOps pipeline using the Azure DevOps NuGet and at the same time specify resources?
- ADO: TerraformCLI@1 Init task asking for az login
- Yaml number type not being recognised as a integer