Full web support for Conditional Access Policies

Today, Azure DevOps supports all conditional access policies set on the Azure Active Directory tenant for web and interactive flows during initial signin. Once a user has signed in, however, only IP-fencing policies are supported on an ongoing basis. We will invest in deepening Azure DevOps' integration with Azure Active Directory such that all conditional access policies are continuously evaluated - typically on an hourly basis. This will improve support for policies like device compliance, which can be used to prevent usage from devices that fail to meet a variety of compliance requirements.

Note

Non-interactive flows - for example, requests made programmatically using Personal Access Tokens - will continue to only support IP-fencing conditional access policies.