Hired a new developer for my team, and he's got Azure DevOps access to repos and boards and is able to log in to the Azure Government portal via his company-appointed .onMicrosoft.com email account. He gets this issue when trying to sign in to that .onMicrosoft.com account in Visual Studio Community 2022.
Sign-in error code: 65002
Failure reason: Consent between first party application '{applicationId}' and first party resource '{resourceId}' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API.
Additional Details
A developer in your tenant may be attempting to reuse an App ID owned by Microsoft. This error prevents them from impersonating a Microsoft application to call other APIs. They must move to another app ID they register in portal.azure.com.
Here are the steps that have been done thus far, with no luck:
- Changed password on portal login
- Made sure to match all permissions with other users through all resources
- Deleted the %localappdata%\.identityservice folder
- Deleted all browser cookies and local storage
- Deleted the account and then recreated it (as well as reestablished resource IAM permissions)
Also, can't seem to find the applicationId or resourceId when looking through all apps in App Registrations.
Spoke with MS devs, and it is indeed VS's new ID not being authorized by Azure. I was able to help the MS team identify the issue; it was related to the fact that they changed the VS app ID and (potentially in Azure Government) something wasn't authorizing the VS app. As a temporary fix until their patch, go to Tools --> Environment --> Preview Features and uncheck 'Use new identity service client configuration (requires restart)'. This will restore VS to the older app ID.
Was told as of this posting that they identified it locally and will patch this soon.