Merge pull request #12798 from anandmeg/wam-updates

Updates for WAM as default

Author: Stacyrch140

docs/ide/media/vs-2022/signing-in-to-visual-studio/sign-in-account-windows-account-manager.png

@@ -1,7 +1,7 @@
 ---
 title: Multifactor authentication with Visual Studio sign-ins
 titleSuffix: "" 
-ms.date: 05/21/2024
+ms.date: 08/13/2024
 ms.topic: how-to
 description: Use Visual Studio with accounts that require multifactor authentication (MFA) to protect your apps and data with conditional access policies.
 author: anandmeg
@@ -12,18 +12,18 @@ ms.subservice: general-ide
 
 # Sign in to Visual Studio with accounts that require multifactor authentication (MFA)
 
-In this article, you'll learn how to use Visual Studio with accounts that require multifactor authentication (MFA).
+In this article, you learn to use Visual Studio with accounts that require multifactor authentication (MFA).
 
 ## Why enable MFA policies?
 
 When collaborating with external guest users, it's a good idea to protect your apps and data with **conditional access (CA)** policies such as **multifactor authentication (MFA)**.  
 
 Once enabled, guest users will need more than just a username and password to access your resources, and must satisfy additional security requirements. MFA policies can be enforced at the tenant, app, or individual guest user level, the same way that they are enabled for members of your own organization. 
 
-## How is the Visual Studio experience affected by MFA policies?
-Versions of Visual Studio prior to 16.6 may have degraded authentication experiences when used with accounts that have enabled CA policies such as MFA, and are associated with two or more tenants.
-
-These issues can cause your instance of Visual Studio to prompt reauthentication multiple times per day. You may have to re-enter your credentials for previously authenticated tenants, even during the course of the same Visual Studio session.
+> [!NOTE]
+> Versions of Visual Studio prior to 16.6 may have degraded authentication experiences when used with accounts that have enabled CA policies such as MFA, and are associated with two or more tenants.
+>
+> These issues can cause your instance of Visual Studio to prompt reauthentication multiple times per day. You may have to re-enter your credentials for previously authenticated tenants, even during the course of the same Visual Studio session.
 
 ## Using Visual Studio with MFA policies
 
@@ -35,7 +35,13 @@ You can access resources secured via CA policies such as MFA in Visual Studio. T
 
 ::: moniker range="=vs-2022"
 
-You can access resources secured via CA policies such as MFA in Visual Studio. To use this enhanced workflow, you'll need to opt into using your system's default web browser or the Windows authentication broker (available in [Visual Studio version 17.5](/visualstudio/releases/2022/release-notes-v17.5), but we recommend using [Visual Studio version 17.7](/visualstudio/releases/2022/release-notes) for an optimal experience) as the mechanism to add and reauthenticate Visual Studio accounts. 
+With [Visual Studio 2022 version 17.11](/visualstudio/releases/2022/release-notes), Windows authentication broker is now the default workflow for adding and reauthenticating accounts in Visual Studio. 
+
+Windows authentication broker uses [Web Account Manager (WAM)](/entra/msal/dotnet/acquiring-tokens/desktop-mobile/wam) and offers many benefits such as security, improved MFA support, and seamless integration between accounts added to the OS and Visual Studio. Using WAM as the authentication mechanism in Visual Studio makes it easier to access resources secured via CA policies such as MFA.
+
+:::image type="content" source="media/vs-2022/windows-authentication-broker.png" alt-text="Select web authentication broker from the dropdown.":::
+
+If run into any [issues with using WAM](#web-account-manager-wam-errors), we recommend you [use System web browser](#enabling-system-web-browser) as the alternative to add and reauthenticate Visual Studio accounts.
 
 ::: moniker-end
 
@@ -44,16 +50,18 @@ You can access resources secured via CA policies such as MFA in Visual Studio. T
 
 ::: moniker range="=vs-2022"
 
-### Enabling Windows authentication broker
+### Using Windows authentication broker
 
->[!NOTE]
->Web Account Manager (WAM) is only available on Windows 10 and above, as well as Windows Server 2019 and above.
+To start using WAM as the authentication mechanism in Visual Studio:
 
-To enable this workflow, go to Visual Studio's Options dialog **(Tools > Options…)**, select the **Accounts** tab, and then select **Windows authentication broker** from the **Add and reauthenticate accounts using:** dropdown. 
+1. Update to [Visual Studio 2022 version 17.11 or later](/visualstudio/releases/2022/release-notes).
+1. Select an account from the WAM dialog when prompted. If your account isn't listed, add it by using **Add an account**.
 
-:::image type="content" source="media/vs-2022/windows-authentication-broker.png" alt-text="Select web authentication broker from the dropdown.":::
+    :::image type="content" source="media/vs-2022/signing-in-to-visual-studio/sign-in-account-windows-account-manager.png" alt-text="Add an account using the Windows authentication broker workflow.":::
+
+You can manage your accounts from the **Account Settings** dialog in Visual Studio.
 
-Windows authentication broker uses [Web Account Manager (WAM)](/entra/msal/dotnet/acquiring-tokens/desktop-mobile/wam) and offers many benefits such as security, improved MFA support, and seamless integration between accounts added to the OS and Visual Studio.
+Using Windows Account Manager (WAM) as the authentication mechanism in Visual Studio is the recommended workflow for adding and reauthenticating accounts. However, if run into any [issues with using WAM](#web-account-manager-wam-errors), you can switch to using the system web browser.
 
 ::: moniker-end
 
@@ -62,26 +70,34 @@ Windows authentication broker uses [Web Account Manager (WAM)](/entra/msal/dotne
 > [!NOTE] 
 > For the best experience, we recommend that you clear your system’s default web browser data before proceeding with this workflow. Additionally, if you have Work or School accounts in your Windows 10 Settings under **Access work or school**, please verify that they are properly authenticated.
 
-To enable this workflow, go to Visual Studio's Options dialog **(Tools > Options…)**, select the **Accounts** tab and select **System web browser** from the **Add and reauthenticate accounts using:** dropdown. 
+To enable the **system web browser** workflow, go to Visual Studio's Options dialog **(Tools > Options…)**, select the **Accounts** tab and select **System web browser** from the **Add and reauthenticate accounts using:** dropdown. 
 
 :::image type="content" source="media/vs-2022/select-system-web-browser.png" alt-text="Select system web browser from the menu.":::
 
 ### Sign into additional accounts with MFA policies 
 
+::: moniker range="<=vs-2019"
+
+Once the system web browser workflow is enabled, you can sign in or add accounts to Visual Studio as you normally would, via the Account Settings dialog **(File > Account Settings…)**.
+
+::: moniker-end
+
 ::: moniker range="=vs-2022"
 
+You can sign in or add accounts to Visual Studio via the [Profile Card](signing-in-to-visual-studio.md#add-and-switch-user-accounts-in-visual-studio) or the Account Settings dialog **(File > Account Settings…)**.
+
 **Windows authentication broker**
 
-Once the Windows authentication broker workflow is enabled, you can sign in or add accounts to Visual Studio as you normally would, via the Account Settings dialog **(File > Account Settings…)**. Web Account Manager (WAM) simplifies the sign in experience by allowing users to log in with accounts known to Windows, such as the account signed into your Windows session.
+Once the Windows authentication broker workflow is enabled, you can sign in or add accounts to Visual Studio as you normally would. Web Account Manager (WAM) simplifies the sign in experience by allowing users to log in with accounts known to Windows, such as the account signed into your Windows session.
 
 :::image type="content" source="media/vs-2022/add-personalization-account-web-account-manager.png" alt-text="Add additional accounts to Visual Studio with the Windows authentication broker workflow.":::
 
 **System web browser**
 
+Once the system web browser workflow is enabled, you can sign in or add accounts to Visual Studio as you normally would.
+
 ::: moniker-end
 
-Once the system web browser workflow is enabled, you can sign in or add accounts to Visual Studio as you normally would, via the Account Settings dialog **(File > Account Settings…)**.   
-</br>
 :::image type="content" source="media/vs-2022/add-personalization-account.png" alt-text="Add a new personalization account to Visual Studio." border="false":::
 
 This action will open your system's default web browser, ask you to sign into your account, and validate any required MFA policy.
@@ -152,7 +168,7 @@ Starting with Visual Studio 2022 version 17.5, if you see the previous error dia
 ::: moniker range="=vs-2022"
 ### Web Account Manager (WAM) errors
 
-If you run into errors when using the [Windows authentication broker workflow for signing in to Visual Studio](#enabling-windows-authentication-broker), follow the action listed on the error dialog to resolve or report the issue. Use the links on the dialog to learn more about the error or to see error logs.
+If you run into errors when using the [Windows authentication broker workflow for signing in to Visual Studio](#using-windows-authentication-broker), follow the action listed on the error dialog to resolve or report the issue. Use the links on the dialog to learn more about the error or to see error logs.
 
 For example, if you see the following error dialog, you can resolve the issue by selecting **change authentication mechanism** to open **Sign-in options** and switch to the [system web browser](#enabling-system-web-browser).