{"id":229998,"date":"2020-07-10T08:00:41","date_gmt":"2020-07-10T15:00:41","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/visualstudio\/?p=229998"},"modified":"2021-06-23T11:26:24","modified_gmt":"2021-06-23T18:26:24","slug":"improving-the-authentication-experience-for-enterprises-leveraging-conditional-access-policies","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/visualstudio\/improving-the-authentication-experience-for-enterprises-leveraging-conditional-access-policies\/","title":{"rendered":"Improving the authentication experience for enterprises leveraging Conditional Access policies"},"content":{"rendered":"

As part of the Visual Studio 2019 16.6 update, we\u2019ve introduced a set of new capabilities to improve your overall authentication experience. While these changes benefit all Visual Studio users, they are especially helpful if you need to work across Azure AD tenants that have enabled multi-factor authentication (MFA) policies. That\u2019s because these improvements help preserve your authenticated state, which removes the need to re-enter your credentials outside your organization\u2019s policy requirements.<\/p>\n

With today\u2019s demands for more secure environments, Conditional Access (CA) policies such as MFA have become more common place. Azure AD offers a wide range of CA policies to secure access to your resources, and while Visual Studio 2017 offered support for these policies, if you work across multiple MFA enabled tenants, you likely experienced the need to constantly re-enter your credentials inside Visual Studio. Today, I\u2019ll show you how we\u2019ve resolved the problem in the latest version of Visual Studio 2019.<\/p>\n

System web browser authentication flow<\/h2>\n

Perhaps the most impactful change we made, is to allow you to use your system\u2019s default web browser to authenticate your accounts. If you access resources across multiple tenants that enabled MFA policies, using this new flow should help minimize the need to re-enter credentials.<\/p>\n

To enable this workflow, go to Visual Studio’s Options dialog\u00a0(Tools > Options\u2026)<\/strong>, select the\u00a0Accounts<\/strong>\u00a0tab and pick\u00a0System web browser<\/strong>\u00a0under the\u00a0Add and reauthenticate accounts using:<\/strong>\u00a0dropdown:<\/p>\n

<\/p>\n

Once the option is enabled, you can sign in or add accounts to Visual Studio as you normally would, via the Account Settings dialog\u00a0(File > Account Settings\u2026)<\/strong>.<\/p>\n

\"Add<\/p>\n

This action will open your system’s default web browser, ask you to sign into your account, and validate any pending MFA request.<\/p>\n

While this will help minimize the need to re-enter your credentials, please note that Visual Studio may still prompt for credentials based on your company\u2019s CA session management policies<\/a>.<\/p>\n

Individual tenant filtering<\/h2>\n

Previous versions of Visual Studio offered the option of scoping down to a single Azure AD tenant by applying a filter. While helpful, and since you couldn\u2019t multi-select, you had to constantly switch your filter to fit your needs. In addition, your selection had no impact on your authentication experience, as you still needed to always authenticate against all your tenants.<\/p>\n

You might be happy to know that we have redesigned the filtering experience. The new version allows you to multi-select tenants and it impacts your authentication experience. For example, applying a filter also removes the need to authenticate against tenants not selected by the filter, and also hides their respective resources from Visual Studio.<\/p>\n

To filter out tenants, open the Account Settings dialog\u00a0(File > Account Settings\u2026)<\/strong>\u00a0and click on\u00a0Apply filter<\/strong>:<\/p>\n

\"Apply<\/p>\n

The\u00a0Filter account<\/strong>\u00a0dialog will appear, allowing you to select which tenants you want to use with your account:<\/p>\n

\"Select<\/p>\n

Authenticate across all tenants on signing-in<\/h3>\n

Based on your company\u2019s CA policies, tenants on your account could be associated with a very strict set of policies such as a specific IP range or a domain join requirement. If you already know you won\u2019t be able to meet those requirements, attempting to authenticate against these tenants will negatively impact your productivity.<\/p>\n

To avoid dealing with those tenants, you can now disable the \u201cAuthenticate across all Azure Active Directories on signing-in\u201d option. Disabling the option allows you to only authenticate with your account\u2019s default tenant (if you are using a Work or School account it will likely be the organization\u2019s tenant), and ignore or filter out all other tenants. Consequentially, sign-in operations such as when launching Visual Studio, will be faster. However, it also means that you need to manually select any additional tenants you\u2019d like to work with, allowing you to fully customize the tenants and resources that will show up in Visual Studio.<\/p>\n

You can select this capability via the Options dialog (Tools > Options\u2026 > Accounts):<\/strong><\/p>\n

<\/p>\n

Try it out and let us know what you think!<\/h3>\n

We are eager to know how these features fit your workflow and account configurations. Send us feedback via the\u00a0Developer Community<\/a>\u00a0portal, or via the Help > Send Feedback feature inside Visual Studio. We\u2019d love to know how to further improve your experience!<\/p>\n","protected":false},"excerpt":{"rendered":"

As part of the Visual Studio 2019 16.6 update, we\u2019ve introduced a set of new capabilities to improve your overall authentication experience. While these changes benefit all Visual Studio users, they are especially helpful if you need to work across Azure AD tenants that have enabled multi-factor authentication (MFA) policies. That\u2019s because these improvements help […]<\/p>\n","protected":false},"author":1092,"featured_media":255385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1085,1412,155],"tags":[6589,6590,6591,6592],"class_list":["post-229998","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-development","category-visual-studio","tag-authentication","tag-conditional-access","tag-mfa","tag-sign-in"],"acf":[],"blog_post_summary":"

As part of the Visual Studio 2019 16.6 update, we\u2019ve introduced a set of new capabilities to improve your overall authentication experience. While these changes benefit all Visual Studio users, they are especially helpful if you need to work across Azure AD tenants that have enabled multi-factor authentication (MFA) policies. That\u2019s because these improvements help […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/229998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/users\/1092"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/comments?post=229998"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/229998\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media\/255385"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media?parent=229998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/categories?post=229998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/tags?post=229998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}