Securing Your Visual Studio Online Account with Multi-Factor Authentication

For several months now, we have been on the path of going through the many audits & initiatives to get the various set of compliance certifications for Visual Studio Online.  The underlying infrastructure in Azure has been certified which really helps us tremendously but as a service on top of the infrastructure, Visual Studio Online still needs to go through the proper audits and the process.  One of the things we wanted to do was make sure we were transparent with our data protection procedures, and Jeff Beehler wrote a great whitepaper that dives into the details if you are interested:

Additionally, Brian Harry announced yesterday that Visual Studio Online is past a significant milestone with receiving the ISO 27001 certification and adding the European Model Clauses to our service terms.  This is really great and are public proof points of our internal data procedures.  We will continue down that journey.

Yesterday, I was leading a briefing with one of our large enterprise customers in our Microsoft Executive Briefing Center here in Redmond and we talked a lot about data security.  One of the things that was brought up was support for multi-factor authentication.  I was really happy to mention to them that we do have support with Visual Studio Online for multi-factor authentication when using Azure Active Directory and two-factor authentication when you are using Microsoft Accounts.

In a nutshell, multi-factor authentication is “a security system that requires more than one form of authentication to verify the legitimacy of a transaction.”  In the case of using Visual Studio Online, we want to have better mechanisms for verifying  person who is logging in to participate in your source code, work item tracking, test cases, etc.  With multi-factor authentication strategies, your team members not only need

Identity Strategies with Visual Studio Online

Let’s take a step back, and look at the two options you can use for authentication & identity for user accounts in Visual Studio Online:

  1. Microsoft Accounts (formerly known as Windows Live IDs, Passport accounts, etc.) – These accounts are the ones that you typically use with many consumer-based services at Microsoft like Skype, OneDrive,, XBox Live, logging into Windows, and even logging into Visual Studio to roam your personal settings.  You can manage your Microsoft account or create a new one at
  2. Azure Active Directory – This is an Active Directory tenant that sits within Microsoft Azure that can either be completely cloud-based identities or for many organizations, they will setup directory synchronization with their on-premises Active Directory to use the same accounts & passwords.  There are also some key things to note about this approach:
    • If you are using Office 365, you already have an Azure Active Directory tenant.  Here are the steps for how you can add you Office 365 AAD tenant to you Azure subscription to manage.
    • You can add Microsoft Accounts (from #1 above) to your Azure Active Directory tenant in addition to your regular Active Directory user accounts.  It allows for a nice blended model.  This is nice because you don’t have to necessarily create a new Active Directory account for them.
    • The Azure Active Directory administrator gets to ensure “who” shows up in that directory including external collaborators.  You can remove them when they are no longer needed or shut off their access at the directory endpoint.
    • The Azure Active Directory administrator can still set security policies on all of the accounts in the directory.

Diagram of Visual Studio Online with Azure Active Directory Accounts

If you would like more information about how to setup your Visual Studio Online account to use the Azure Active Directory method from #2 above, we have a walkthrough available here:  Manage Organization Access for Visual Studio Online.

Configuring Two-Factor Authentication with Microsoft Accounts

Setting up two-factor authentication for your Microsoft Account is helpful to secure access to all of your Microsoft services like Skype,, OneDrive, XBox Live, and Visual Studio Online.  Here’s an overview of the steps  :

  1. Sign in to your Microsoft account.
  2. Because you're changing sensitive info, you might be prompted to enter a security code. Check your phone or alternate email for the code, enter it, and tap or click Submit.
  3. Under Password and security info, tap or click Edit security info.
  4. Under Two-step verification, tap or click Set up two-step verification.
  5. Tap or click Next, and then follow the instructions.

    If you need to add or verify any security info before you can turn on two-step verification, Microsoft will prompt you with a few simple steps to do so.

The key to remember with this approach is that each of your team members will need to enable this for their accounts or you can take the approach to only enable it on your administrator accounts.

Authy for Two-Factor Authentication with Visual Studio Online and Microsoft AccountsAuthy and Google Authenticator

You can have the Microsoft Account system text you as the second authentication factor or you can use an app on your phone & computer to generate the temporary secure codes for you using QR Codes.  One popular app is Google Authenticator.  You can find many that follow the same standard that Google Authenticator including my personal favorite:  Authy.

Authy has a clean interface and just works well with syncing with the phone app & my trusted computers.  It works everywhere that Google Authenticator works.

Configuring Multi-Factor Authentication with Azure Active Directory User Accounts

There are several options included with Azure Active Directory.  The overview on setting up multi-factor authentication for Azure Active Directory is a great place to start exploring the many options.  You can then move on to the actual steps to enable multi-factor authentication.

One of the really nice things with this approach is that the administrator for the directory is able to specify which accounts require multi-factor authentication

By offering the following options, Azure Multi-Factor Authentication provides flexibility for users and backup options if users cannot pass authentication by using their preferred method:

  • Multi-Factor Authentication apps are available for Windows Phone, Android, and IOS devices. Users can download the free app from the device store and activate it by using a code that they get during setup. When the user signs in, a notification is pushed to the app on their mobile device. The user taps to approve or deny the authentication request. Cellular or Wi-Fi access is required for installing and setting up the app. After the app is installed, it can operate in the following modes to provide the additional security that a multi-factor authentication service can provide:
    • Notification. In this mode, the Multi-Factor Authentication app prevents unauthorized access to accounts and stops fraudulent transactions. It accomplishes this by using a push notification to the phone or registered device. The user simply views the notification, and if it is legitimate, selects Authenticate. Otherwise, the user can choose to deny, or choose to deny and report, the fraudulent notification. For information about reporting fraudulent notifications, see How to configure and use Fraud Alert for Azure Multi-Factor Authentication.
    • One-Time Passcode. In this mode, the Multi-Factor Authentication app can be used as software token to generate an Open Authentication (OATH) passcode. The user can then enter this passcode along with the user name and password to provide the second form of authentication. This option is useful in instances of spotty phone coverage.
  • Automated phone calls can be placed by the Multi-Factor Authentication service to any phone, whether landline or mobile. The user simply answers the call and presses the pound key (#) on the phone to complete the sign-in.
  • Text messages can be sent by the Multi-Factor Authentication service to any mobile phone. Each text message contains a one-time passcode. The user is prompted to either reply to the text message by using the passcode or enter the passcode on the sign-in screen.


Let us know if you have any other questions!

Ed Blankenship

New Work Item Tag Manager Visual Studio Extension

Happy Holidays!  Before you go off on a break, I found out there is a new Visual Studio extension available: Tag Admin for Visual Studio 2015.  It’s a pretty nice tool for helping you manage work item tags for either your Team Foundation Server or your Visual Studio Online account.  It’s really helpful for beginning to see which tags are in use and also allows you to rename/merge & delete tags.  You can also take a look at how many and a list of work items that are using a specific tag.  Simple & to the point!

VSO Tag Admin for Visual Studio 2015  VSO Tag Admin for Visual Studio 2015

Here is a demo video of Tag Admin in action:

Tip of the hat to @onlyutkarsh and @arora_tarun for releasing this great tool!


Happy Holidays!

Ed Blankenship

My First MSDN Magazine Article on Visual Studio Online

I was very happy to see that my first article for the MSDN Magazine has appeared in this month’s edition!  If you have been hoping to get some more information, take a look at your magazine in the mail this month or it’s available in the digital edition as well below).  Let me know if you have any other questions in the meantime!

Introducing Visual Studio Online
by Ed Blankenship

Whether you’re part of a team or you’re a team of one, with Visual Studio Online you can easily plan, create, construct, build, test, and monitor seriously demanding applications, from anywhere. You don’t need a large infrastructure team, and you don’t need to touch a single server. As someone who has performed hundreds of Team Foundation Server (TFS) installations and upgrades as a consultant, I love how the drudgery of that kind of routine maintenance is now a thing of the past. Visual Studio Online is updated with the newest features automatically and continuously, so you can focus on what you need to do most: construct your applications!

I’m often asked, “Isn’t Visual Studio Online just TFS in the cloud?” The answer is yes and no…

Work Item Charts

Thanks a ton again to Andrew Clear and Cheryl Hammond for all of their help with the article!


Ed Blankenship

Announcing Visual Studio Online

We have been up early this morning and late last night with getting ready for updates to the new website, Windows Azure, and the now formerly known as Team Foundation Service.  Hopefully you are watching the Visual Studio 2013 Launch Event where you have just learned that we have announced a new set of services for developers and development teams:  Visual Studio Online.  It has really been great to be working so closely with Visual Studio Online at Microsoft! 

Visual Studio Online Logo

There are quite a few announcements this morning that I’ll continue to follow-up on over the next few weeks.  Visual Studio Online is really about where Visual Studio is going in a world of services for developers & development teams.  It’s really the connected piece to Visual Studio just like Office is to Office 365 & SkyDrive.  It’s also an easy way to get all of the ALM services you need quickly for you and your team without having to worry about infrastructure & upgrading.  Visual Studio Online is also a way for Microsoft to provide additional cloud-based services for development teams.  We have a few examples of those types of shared services today.

Some additional news we have announced are that individuals and teams of five or less can create free Visual Studio Online accounts.  MSDN Subscribers also now have Visual Studio Online included as an additional benefit.  There are an additional set of Visual Studio Online plans available for non-MSDN subscribers after the fifth user account.  Additionally, the Visual Studio Online Professional plan even includes the ability to “rent” the Visual Studio Professional IDE.  Early adopters of Team Foundation Service are also grandfathered with “Early Adopter” status for 90 days which means you can continue to use Visual Studio Online without any additional costs during the early adopter period.  During the “commercial preview” of Visual Studio Online, all plans & services are reduced by 50% of their normal rates.

Each Visual Studio Online account has a set of consumable shared services as well which include a free base amount like 60 minutes of cloud build usage and 15,000 virtual user minutes of the cloud load testing service.

Another aspect of Visual Studio Online is that it is now integrated with Windows Azure so you can have a more consolidated management experience and simplified billing experience.  You can create a new Visual Studio Online account or link to an existing one in the Windows Azure Management Portal.

Connecting Visual Studio Online Account to Windows Azure

Tip:  All Visual Studio Online user plans and shared services receive the same discounts that your Windows Azure account receives based on your commitment level.  It’s also included in the commitment level so you can reach those commitment levels more easily and receive the same discount across all Windows Azure resources including infrastructure, storage, and now developer services.  The lowest “walk-up” discount level is 20% based on paying monthly and a $500 per month commitment on all Windows Azure & Visual Studio Online resources.  It goes up from there and if you are an Enterprise, you can get some pretty awesome discounts when adding an Windows Azure Commitment to your Enterprise Agreement.

If you want to learn more, there is an Introduction to Visual Studio Online overview video available at the Visual Studio 2013 Virtual Launch site.  I will update the blog post and include the link when it becomes live.

There is plenty more to come!  Keep up to date on the latest features & services that are being added to Visual Studio Online here: 

Have fun and let me know if you have any questions!

Ed Blankenship

Visual Studio 2013 RC, VS 2013 RTM, Windows 8.1 RTM, and Launch

Wow… all sorts of announcements this morning.  Let me summarize for you quickly:

  • Visual Studio 2013 RC and Team Foundation Server 2013 RC is ready to downloadMSDN Subscriber Downloads,
    • You will be able to build & test your Windows 8.1 Store apps with Visual Studio 2013
    • Remember that you can use both Visual Studio 2013 and TFS 2013 in production with the “Go-Live” license.  That means you will be supported by Microsoft and will have a supported upgrade path to the RTM version.  You can use Visual Studio 2013 for most solutions & projects with “round-tripping” without requiring the entire team to upgrade.
    • I hope you’ll be part of the first ever TFS Upgrade Weekend scheduled for this weekend!
    • Be sure to let the product team know if you have any issues by reporting them on Connect or suggestions on User Voice
    • Check out the system requirements and platform compatibility page for the RC.  You’ll notice the RC will not install on Windows 8.1 Preview.
  • Visual Studio 2013 and Team Foundation Server 2013 will RTM on October 18, 2013 at the same time Windows 8.1 is generally available to the public.
  • Windows 8.1 RTM is ready to download today for MSDN Subscribers:  MSDN Subscriber Downloads
  • The Virtual Launch for Visual Studio 2013 and Team Foundation Server 2013 will be on November 13, 2013 – You’ll want to save the date and register at:

Visual Studio 2013 Ultimate with MSDN Product TileVisual Studio 2013 Premium with MSDN Product TileVisual Studio 2013 Test Professional with MSDN Product TileVisual Studio 2013 Professional with MSDN Product TileTeam Foundation Server 2013 Product Tile

New Features in Visual Studio 2013 RC and Team Foundation Server 2013 RC

  • Office 365 Cloud Business Apps: With Visual Studio 2013 RC, Microsoft delivers a new capability to build Office 365 Cloud Business Apps that run in the cloud. These apps take advantage of the rich platform capabilities exposed by Windows Azure and Office 365. As cloud-based apps, they are available to a myriad of devices to aggregate data and services from in and out of an enterprise, and integrate user identities and social graphs. These applications integrate with the application lifecycle management capabilities of Visual Studio, bridging the worlds of the business app developer with IT operations.
  • Work Item Charting: A new feature in Team Foundation Server 2013 RC is Work Item Charting which enables developers to quickly create diverse charts to visualize data drawn from work item queries, such as bugs, user stories, and tasks.
    As of today, this feature will also be automatically available to customers using Team Foundation Service as part of our regular feature releases to the service.
  • TypeScript: Less than a year ago, Microsoft released the first public preview of TypeScript, a language and tools for application-scale JavaScript development.  With Visual Studio 2013 RC, we are including the most recently released version of TypeScript tooling (v0.9.1.1) as we continue to seek community feedback from our early adopters.
    TypeScript brings classes, modules and optional static types to JavaScript development.  In Visual Studio, this enables rich tools like live error reporting as you type, IntelliSense, and Rename refactoring.
  • Web Development: Visual Studio 2013 RC introduces refinement to new web development features and capabilities such as a new Browser Link panel, Browser Link extensibility API and updates to SignalR 2, MVC5 and Web API 2 platforms.
  • Peek Definition: In Visual Studio 2013 Preview, we released a new inline preview feature called Peek Definition that enables developers to preview code being referenced in their classes without leaving their context.
    In Visual Studio 2013 RC, this feature is further enhanced by enabling code in the inline peek to be editable, making it even easier to change code or fix issues without leaving the original view.
  • CodeLens: In Visual Studio 2013 Preview, we released a new feature called CodeLens which provides deep contextual insights inline within source code files. CodeLens for C# and Visual Basic provides information such as the number of references, and recent changes from source control. 
    In Visual Studio 2013 RC, we enhance CodeLens by enabling integration of Microsoft's Lync unified communications platform, making it easy to contact the developer who most recently worked on a piece of code from directly within the Visual Studio editor. For developers working with source code in Team Foundation Server 2013 RC, we also added several new indicators exposing bugs, work items and code reviews related to the class or member.
  • C++: During the Build conference Microsoft wrote about the roadmap for C++ standards conformance in Visual C++.  Last week at the Going Native conference in Redmond, we hosted a great discussion about the present and near future of modern, standard C++, and talked about what’s coming in Visual C++ and C++ on Microsoft's platforms.  In Visual Studio 2013 RC, we’ve made more steps along the roadmap laid out at Build, adding C++ 11 features like using aliases, = default and non-static data member initializers.
  • NuGet & Sonatype: NuGet Package License Details: in partnership with Sonatype, there is an update to both the NuGet gallery and Visual Studio add-in that provides license data associated for each NuGet package based on the Sonatype Component Lifecycle Management (CLM) platform.

Remember, we have a brand new “Release Archive” which helps you track all of the new features for Team Foundation Service and which version of Team Foundation Server you will start to see those features:

You can find out more about today’s announcements here:

Go start downloading!

Ed B.

Posted in ALM | TFS | Visual Studio

TFS 2013 Includes Agile Planning in TFS CAL

One of the changes for the July 1, 2013 update of the Microsoft Product Use Rights will help teams who have team members who are contributing as part of their agile process and practicing ALM.  The following two activities will be moving to be included in the standard Team Foundation Server CAL beginning with TFS 2013:

Previously,  these were capabilities that were reserved for users with Visual Studio Test Professional, Visual Studio Premium, and Visual Studio Ultimate.  The following activities will now be included for those with Visual Studio Test Professional or above in TFS 2013:

Ed Blankenship

Posted in Licensing | TFS | VSTS

What’s New in Visual Studio 2013 Preview

Two weeks ago at Build 2013, the Visual Studio 2013 Preview and Team Foundation Server 2013 Preview downloads were made available so that everyone can start kicking the tires.  The nice thing is that now with round-tripping and with Visual Studio 2013 Preview being able to be installed side by side with earlier versions of Visual Studio, most solutions & projects should be able to be opened up without requiring everyone on the team to upgrade to Visual Studio 2013 Preview either.

Soma mentioned a few of the new features for Visual Studio 2013 Preview in his blog post.  For those partners, consultants, or community speakers that are interested, Dmitry and team have also put together a great PowerPoint deck that you can use to talk about Visual Studio 2013 Preview and Team Foundation Server 2013 Preview.

It is available for download on SkyDrive here:  The downloads for Visual Studio 2013 Preview and Team Foundation Server 2013 Preview are available here too:

It’s been a great release to use and I’ve switched to using it primarily from day to day.  The more frequent release cadence has really made an impact on the quality of the releases!

Ed Blankenship

Posted in ALM | TFS | Visual Studio

TFS 2012 Update to the Deploying Process Template Changes Build XAML

Just wanted to provide a quick update to the popular blog post around deploying TFS process template changes using TFS BuildNeno Loje, one of the awesome Visual Studio ALM Microsoft MVPs, was able to update the build process template .XAML file to now work with TFS 2012!  Thanks a ton Neno!

Check it out!

Ed Blankenship

Radio TFS Episode – Chatting about Lab Management

I had a good time yesterday with Greg & Martin chatting about Lab Management in the latest episode of Radio TFS.  If you don’t subscribe to the Radio TFS podcast series, I would definitely recommend it.  They are roughly 30-minute episodes and are an easy listen that you can fit into your weekly routine.

Download Radio TFS Episode

Radio TFS Logo

Let me know if you have any questions about any of the topics we discussed during the episode!

Ed Blankenship

In this episode we chat with Ed Blankenship about his new job at Microsoft as a program manager on the Test & Lab Management product team.

Before recently joining Microsoft, Ed was a Microsoft MVP for TFS and Visual Studio ALM in which he has been involved & using since the very beginning of the products nearly seven years ago. He worked as the Practice Technical Lead for the ALM/TFS Consulting Practice as Imaginet (formerly Notion Solutions). Ed was also voted as the Visual Studio ALM & Team Foundation Server MVP of the Year for 2010 by his group of peers in the MVP Community.

He is also an author of the Wrox Professional Team Foundation Server 2012 and TFS 2010 books. You can follow Ed via is blog at or via twitter @edblankenship

Links from the show:

For feedback contact or call +1 425 233-8379.

Visual Studio 2012 and TFS 2012 Official Release Timeframe Announced

Jason Zander, the Corporate Vice President for Visual Studio, has tweeted that the Visual Studio 2012 will release to manufacturing (RTM) in early August which is the same time that Windows 8 will RTM as announced at the Microsoft Worldwide Partner’s Conference.


The Visual Studio 2012 release includes all of the individual components of the Visual Studio family including:

  • .NET 4.5
  • Visual Studio 2012 Ultimate, Premium, Test Professional, and Professional
  • Team Foundation Server 2012
  • Microsoft Test Manager 2012
  • Lab Management components of Visual Studio, Microsoft Test Manager, and TFS
  • Feedback Client
  • Visual Studio Agents

It’s just around the corner now!  If you haven’t had a chance to Go-Live on the 2012 release, then start making plans to get upgraded at RTM!  Remember, if you don’t feel like setting up TFS 2012 internally, you can always use the Microsoft hosted version of TFS available at:


Ed Blankenship