Why is azure devops trying to access apps and service on devices connected to my local network

Hello Matt M,

The prompt is not caused by Azure DevOps attempting to access or scan the customer’s local network. It is a browser‑generated security warning triggered by modern web security controls.

What triggered the prompt

Modern browsers (Microsoft Edge, Google Chrome) enforce a security feature called Private Network Access (PNA). This feature is designed to prevent internet‑hosted websites from making requests to local or private network addresses (for example, localhost, 127.0.0.1, or 192.168.x.x) without explicit user consent.

While loading the Azure DevOps page, the browser detected that one of the scripts associated with the page (or a browser extension) attempted to initiate a request to a local/private network endpoint. As a result, the browser displayed the permission dialog.

Important clarifications

• Azure DevOps does not initiate network discovery or scanning of customer devices.
• Azure DevOps cannot access any local resources unless the user explicitly allows it.
• The prompt is shown before any connection is made, as a preventive security measure.
• This behavior is enforced entirely by the browser, not by Azure DevOps.

Common scenarios that can cause this

• A browser extension (for example, DevOps tooling, security tools, or developer utilities).
• Custom JavaScript or embedded components in a project page attempting to reference localhost.
• Developer‑related features that optionally integrate with local services.

Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

The prompt appears because something running inside the Azure DevOps web experience (typically an extension or embedded iframe) is trying to call a resource on the local network (for example, http://localhost:port or an internal server). Modern browsers treat this as “local network access” and require explicit user consent.

In Azure DevOps, this is most often caused by:

1. Extensions that integrate with on‑premises or local services
   • Custom extensions or marketplace extensions can call back‑end services hosted on an internal network (REST APIs, microservices, internal build servers, artifact repositories, reporting/monitoring tools, etc.).
   • When such an extension runs in the browser, the browser sees dev.azure.com (internet) trying to reach a local address and triggers the local network access prompt.
2. Browser security protections (Private/Local Network Access)
   • Browsers have added protections (often called Private Network Access / Local Network Access) that block or gate cross‑origin calls from a public site to local addresses.
   • Instead of silently blocking, the browser asks whether to allow dev.azure.com to access apps and services on the local network.

From Microsoft’s side, the reason this behavior exists is to allow legitimate Azure DevOps scenarios where organizations intentionally use extensions that must talk to on‑premises or local resources. Azure DevOps exposes an organization‑level security policy, Allow extensions to access local network resources, that controls whether extensions are allowed to make these local network calls at all. If this policy is enabled and an extension attempts such access, the browser prompt is expected.

If there is no business need for Azure DevOps extensions to reach local resources, the recommended approach is:

• Keep the browser prompt blocked, and
• Ensure the organization policy Allow extensions to access local network resources remains Off, so extensions cannot rely on local network access.

References:

• Allow extensions to access local network resources
• Adapting your website for new Local Network Access restrictions in Microsoft Edge