Terms and Conditions for Use
Your Azure DevOps Organization is to be used only for Yale University purposes by authorized persons. Unauthorized use is prohibited and may result in administrative or legal action. System activities may be monitored for administrative and security purposes. Anyone using the environment consents to such monitoring and accepts responsibility to preserve the confidentiality, integrity and availability of information accessed, created, stored, transmitted or received in your Azure DevOps Organization. Use is subject to all policies and procedures set forth by the University at https://your.yale.edu/policies-procedures/policies.
You are responsible for making sure that Yale's Minimum Security Standards are met either by Microsoft or by you.
All services and applications which handle moderate or high risk data must have a Security Planning Assessment (SPA)
with Yale IT Information Security as required by the Minimum Security Standards.
For more information on Yale IT security, see https://cybersecurity.yale.edu/
About the Shared Security Responsibility Model
Cloud providers are responsible for the security of the platform that they provide, while users of those platforms are responsible for configuring the solutions they build in a secure manner. This is known as the Shared Responsibility Model for cloud services. You are responsible for security configurations beyond what Microsoft provides.
When reading the table below, please keep in mind the following definitions:
- "Azure DevOps" or "Microsoft" refers to features of Azure DevOps services as Microsoft provides them to Yale and are generally not under the control of Yale.
- "You" or "User" refers to things that you must do to protect the security and integrity of your work, either as a best practice or to comply with a Yale policy.
...