Live Share: Enterprise Policies are here!
Securing your Visual Studio Live Share session has never been easier. Whether you’re looking to restrict access to only individuals in your organization or to disable read-write terminals, your organization can now configure policies for proper control and compliance.
Today, we invite organizations to explore everything Live Share has to offer, including editing and debugging with others in real time, sharing terminal instances, and the newly added policies. With these policies, your organization will be able to add an extra layer of protection to prevent accidents on Visual Studio Live Share and increase productivity.
Set guardrails on Visual Studio Live Share
We’ve heard from Live Share users that they want to use Live Share in their organization, but without controls to prevent individuals from outside their company domain joining Live Share sessions, they’re blocked. We are excited that this and many other requested policies are now available.
We currently support the following policies:
- Allow only company domain accounts: Prevents users from being able to share their session with any guests who are not part of the domain that the organization allows via policy. Users must also be logged in with the domain account that the organization allows via this policy to share a session. When enabling this policy, multiple domains can be added by using a semicolon to separate each domain.
- Disable read-write terminals: Prevent the host from being able to explicitly share a new writeable terminal. This policy also suppresses the option for the guest to request write access to a terminal. This would effectively look like the experience you see today in a read-only session (you can’t share writeable terminals) but would apply to read/write sessions too.
- Disable shared servers: Prevent the host from being able to explicitly share a new server, as well as auto-sharing of servers from the terminal. In this mode, the “Shared Servers” node in the “Session Details” tree view will be hidden, along with all associated commands.
- Require direct connection: Prevents hosts from allowing relay-based guests from joining their session. Organizations might want to configure this policy, so guests connect directly to the host without going through the web. Live Share already supports the “Live Share: Connection Mode” setting, and so this policy is effectively just enforcing it to “direct”.
- Disable anonymous guests: Disallow anonymous guests from joining a session. We already have the “Live Share: Anonymous Guest Approval” setting, and so this policy is effectively just enforcing that to “reject”.
- Enforce accepting/rejecting a guest: Requires the host to individually accept each guest that attempts to join a session.
Step 1: Download the latest Visual Studio Live Share version
To get started with enabling policies, you’ll need to download the latest Visual Studio Live Share version from the Visual Studio Marketplace.
Step 2: Download the Public Preview templates
Next, head over to the Microsoft Download Center and grab the Visual Studio Group Policy Administrative Template files (ADMX/ADML). It’ll ask you where you want the files to be downloaded, please ensure the location is ‘C:\Windows\PolicyDefinitions\en-US’.
Step 3: Test using the Local Group Policy Editor
- Open the Windows Local Group Policy Editor
- Navigate to the Administrative Templates > Microsoft Visual Studio node
- Apply the desired policy changes to Visual Studio
- Ensure the new group policy changes are applied to the respective product’s path:
- Restart your Visual Studio instance to pick up the new policy changes
Note: Depending on your organization’s policy, you might need to force a group policy update via gpupdate.exe to apply the change
After all desired policies are set, teams across your organization can confidently and securely collaborate with Visual Studio Live Share. Please see our documentation for more information about Visual Studio Live Share policies.