I worked on this by setting the IIS the URL Rewrite the Module and adding a rewrite rule, which returns from 403up POSTsto api method called Quick Edit:
<rewrite>
<rules>
<rule name="PreventQuickEditCheckin" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{URL}" pattern="/tfs/collection/_apis/tfvc/changesets" />
<add input="{REQUEST_METHOD}" pattern="POST" />
<add input="{HEADER_X-Requested-With}" pattern="XMLHttpRequest" />
</conditions>
<action type="CustomResponse"
statusCode="403"
statusReason="Forbidden: This action is not permitted."
statusDescription="Quick edit is currently disabled to prevent
checkin policies being circumvented." />
</rule>
</rules>
</rewrite>
An additional restriction only for queries with a header X-Requested-With(added by jQuery) is that this method is blocked only by queries from TFS Web.
, TFS, , !