Multi-Factor authentication (2FA) in release approvals

Few months back, we (Anjani Chandan) had enabled a feature in RM which lets you enforce multi-factor authentication in the release approval flow. This is very useful in scenarios where you want approvers to re-signin before approving so that it is crystal clear that who approved the release. One example where it is little ambiguous is as follows : -

  • User1 has got a release to approve.
  • Before approving the release, user1 go away from its machine leaving it unlocked.
  • User2 uses user1's machine to approve the release.

Now let us see how you can enable it in your release definition. The enabling of this feature is very simple, all you have to do is to enable the approval policy, "Revalidate identity of approver before completing the release" in your environment.

Note: - This feature is only available in VSTS for AAD backed accounts only. You can find out whether your account is AAD backed or not by visiting the account settings page https://{myaccountName}

Now let us see how the approval flow changes when you create a release. You get a normal approval dialog.

When you attempt to approve the release, we take you to the sign-in experience again so that we can revalidate your identity.

If your organization's active directory enforces multi-factor authentication, then this experience will also take you through it.

Please try it out and do let us know how it goes for you !!

Skip to main content