How to deny commits to remote master branch on TFS 2015?

Question

Our team is using VS2015.3 and TFS2015.3 with git repositories for a year now. We use two remote branches: develop and master (a simplified GitFlow setup).

We use pull requests to merge changes from the remote develop to the remote master branch. Before pull request completion:

• A team member should approve the changes;
• The linked build definition should pass.

These rules are configured by TFS' branch policies in the admin section of the TFS portal.

One thing we can not seem to figure out is how to deny everyone permissions to commit and merge local changes directly on the remote master branch. We'd like to:

• Have all changes approved, before merging;
• Have all developers be able to approve eachothers changes;
• Still have the ability to have a local master branch.

Questions

1. Is this a reasonable request? Because we do not seem to be able to find very useful resources on this...
2. Does TFS support a solution for this case?
3. If both 'no'... what is the best working procedure for approving changes?

Answer 1

Having a branch policy in place should do exactly what you're saying you want. Make sure you don't have people set to be Exempt from Policy Enforcement on the security settings for that branch.