How to Get Notified when a Azure DevOps Project is Created or Deleted!

Lets discuss how we can monitor the Azure DevOps project creation and deletion as part of administering the ADO.

We have been working with Azure DevOps to get notifications and found no ways to get info of the projects getting deleted and created(by some other collection admins!!).Main reason to get the notifications was as the project admins have the privilege to delete their project, so monitoring of the deletion in an automated way was necessary. Apart from this if we have multiple collection admins then, it is suggested all to be aware of what is happening in an ADO at collection level. I would always recommend the collection level admins to be maintained as low number as 2-4 people.

To monitor this, the only way was read the audit from ADO audit Logs. So the best way we found was to write a timer triggered job which runs on a daily basis and reads the audit for project created and deleted, then notifies the collection admins through Email or through the Teams Channel.

To get the audits of the Azure DevOps you can use the Audit API:

GET https://auditservice.dev.azure.com/{organization}/_apis/audit/auditlog?startTime={startTime}&endTime={endTime}&batchSize={batchSize}&continuationToken={continuationToken}&skipAggregation={skipAggregation}&api-version=5.1-preview.1

Example: GET https://auditservice.dev.azure.com/orgname/_apis/audit/auditlog?startTime=6/13/2020%2012:31:34%20PM&endTime=6/14/2020%2012:31:34%20PM&continuationToken=&batchSize=1000&skipAggregation=true&api-version=5.1-preview.1

The above example fetched the audit log for last 24 hrs from 13/06/2020 12:31PM to 14/06/2020 12:31PM.

Response:

The decoratedAuditLogEntries contains all the log details. We just need to read each attributes of the depending on the length of the decoratedAuditLogEntries. For example here the lenth of decoratedAuditLogEntries is 94. So we may need to check all the 94 entries inside it.All the actions perfromed in Azure DevOps is logged in decoratedAuditLogEntries with an action id. So we can easily get the action id for project created and deleted.

Now for project creation ,decoratedAuditLogEntries will have its actionId as Project.CreateCompleted.

If you can get the action Id  "Project.CreateCompleted" from response json, then you can read the project name, Id and other details.

Similarly for Project deletion , decoratedAuditLogEntries will have its actionId as Project.SoftDeleteCompleted.

If you can get the action Id  "Project.SoftDeleteCompleted" from response json, then you can read the project name, operation time and other details.

Once you get all the details from Project.SoftDeleteCompleted and Project.CreateCompleted for deleted and created projects, you can use some notification method via email or to your organisation Teams channel.

The important thing to note here at times the log could be large, so we may have to use the continuation token and hasMore property from the API response.

Here we need to check whether "hasMore" property is true or not, if its true then we need to check for the continuationToken and the pass it with the API each time.

Enjoy!