PSA: New MSAs Can’t Use Org. E-mail Addresses just finished the post, Get a List of VSTS Users with APIs, which was inspired by some work I’ve been doing to prepare for migrating my organization’s VSTS accounts to be backed by Azure Active Directory (AAD). The reason we are doing this now is a) because we’ve waited way too long to do it and, b) because Microsoft has now imposed a deadline of March 30th when it will no longer allow Microsoft Accounts (MSAs) to be created with an e-mail address that is also an organizational ID (e.g. a Azure/Office 365 account).

Straight from Justin Marks’ announcement:

On September 15, 2016, the Azure Active Directory (Azure AD) team blocked the ability to create new Microsoft accounts using email addresses in domains that are configured in Azure AD. Many VSTS customers expressed concern when this change happened. As a result, we worked with the Azure AD team to get a temporary exception for our service to be excluded from this limitation. Over the past year, we have improved our experience for connecting accounts to Azure AD and we are now ready to end this exception. This means that, as of March 30th, 2018, a new user in your organization will not be able to create a new MSA sign-in with a custom domain name if that domain name is already used by an Azure AD tenant. This may affect the way you bring new users into your VSTS account, so we wanted to give you advance warning of the change as well as give you guidance on how to move forward.

In our case, we have asked our VSTS users to create their MSAs with the same e-mail address as their work e-mail address with the hope that it would ease the transition when we finally moved to AAD. While it looks like our efforts will help out slightly, it really didn’t buy us a whole lot (since Microsoft does any of the user account migrations for us).

Regardless, if you are in the same boat as us, you’ll want to make sure you get migrated prior to the 30th. Otherwise, any new employees/VSTS users that come along after the 30th will have to use a different e-mail address when creating their MSA.

Here are some links for further information if you’re curious…

Happy migration!