by zatertip 1550 days ago
The screenshot is not cropped and it has a list of the projects affected in the article. I agree the information is still sparse.

Sure. But the list of projects is for 1 Azure DevOps organization and the list appears to be in alphabetical order and showing B to C. Also it looks a bit like the logged-on user only has access to one of the projects (at least it's only showing icons for one of them).
Once a threat actor has access to internal, less hardened systems, it is a matter of time until they have access to everything. In this case it’s a matter of privilege escalation at best and RCE at worst, no lateral movement required unless it’s easier to escalate directly in the IdP system or as a MitM between the IdP and the service in the screenshot.
My point was that so far very little information has been shared.

I have no idea what your point is. Also not sure what you mean by "internal system" here. I can also log on to Azure DevOps service (it's public), but that doesn't mean I can access Windows source code.