Azure DevOps allows control of Branch and Merge protection at both the Project level and the Repository level.

To ensure Salto can perform correctly on protected branches, navigate to Project Settings - Repositories and click on the Security tab. Choose the group that contains your Salto users and change Bypass policies when pushing to Allow.

To set policies for all repositories in the project, change to the Policies tab and click the plus sign in the Branch Policies section. Choose the Protect current and future branches matching a specified pattern radio button and type in the Branch name pattern salto/before/env/<targetEnvId>/deployment/* and the Create button.

(To apply the rules to all environments you can add salto/before/*).

To ensure Salto can perform correctly on protected branches, navigate to Project Settings - Repositories, select the Salto repository and click on the Security tab. Choose the group that contains your Salto users and change Bypass policies when pushing to Allow.

To set branch policies for Salto deployments in this repository, you must enable integrating Pull Requests with Salto, and do at least one "Preview Deployment" activity. This will create the necessary branch hierarchy in your repository. Click on the salto/before/env/<targetEnvId>/deployment/ folder (you may need to search for salto):

This will allow you to select the items that conform to your organization's policies.