MacroView DMF 8.9.1086 and later supports using the Microsoft Identity Platform to sign in to SharePoint Online and OneDrive, as well as on-premises servers that are published via Azure AD Application Proxy. This improved integration leverages the Microsoft Authentication Library (MSAL) to provide a more seamless and secure experience when signing in.
Modern Authentication support in MacroView DMF was originally implemented using the Microsoft Azure Active Directory Authentication Library (ADAL), which has now reached end-of-life. ADAL support ends in December 2022 and is superseded by MSAL. MacroView DMF 8.9.10xx no longer uses ADAL and relies entirely on MSAL to perform Modern Authentication.
Sign-in required after upgrade
The migration to MSAL introduces some changes for existing MacroView DMF users. After upgrading to an MSAL-enabled build, users will need to sign in to all of their servers that use Modern Authentication. During startup, MacroView DMF displays the account management UI when more than one server uses Modern Authentication and one or more of them need attention.
This UI is designed to show signed-in accounts clearly at a glance and to tell users which server they are signing in to when a sign-in prompt is displayed. When the account management UI is displayed during startup, users cannot interact with MacroView DMF until they dismiss it.
Accounts can be displayed and/or switched at any time by right-clicking the MacroView DMF system tray icon and selecting 'Manage Accounts'. Users can also continue to sign in with another account by right-clicking the server in the browse tree-view.
Use different accounts for multiple servers in the same tenant
When accessing SharePoint and OneDrive servers in the same tenant, the first account signed in for that tenant is automatically used to sign in to the other servers. This reduces sign-in fatigue, is the desired result in most cases, and retains the existing MacroView DMF behaviour when handling multiple servers in the same tenant.
The signed-in account for a server can be switched via the tree-view or the Manage Accounts UI as previously described. Switching accounts for a server won't change the signed-in account for any other servers in that same tenant. This is a new feature; earlier MacroView DMF versions allowed only a single account per tenant to be signed in.
Integrated with WAM
Web Account Manager (WAM) is a Windows 10+ component that streamlines user sign-in by acting as an authentication broker for accounts that are known to Windows. When available, MacroView DMF will use WAM to sign in users. If for any reason WAM is available but not functioning correctly, users can opt out by disabling the 'Use authentication broker' advanced setting. This will cause sign-in to fall back to a browser-based experience.
When using WAM, the sign-in prompt will automatically display work or school accounts that are connected to Windows.
These accounts will appear even after signing out in the browser. The only way to remove them from the sign-in prompt is to disconnect them from Windows.
Different token cache format
Users must sign in again after the upgrade because the previous ADAL token cache maintained by MacroView DMF cannot be migrated to the latest unified cache format used by MSAL. Any existing ADAL token cache is left in place after upgrade, and MSAL token cache files are created at: %AppData%\MacroView DMF\Cache\TokenCache. These cache files are encrypted with the Windows Data Protection API (DPAPI) to secure the access tokens.
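An administrator can check, after the upgrade, that the files in the cache folder above start with a DPAPI blob header and carry no unexpected ACL entries. The script below is an added example, not MacroView's own code; it assumes each cache file is a raw DPAPI blob (the file layout is not documented here) and that the list of expected principals, written with English account names, suits your environment.

```powershell
# Added example: audit the MSAL token cache directory named in the article.
$cacheDir = Join-Path $env:APPDATA 'MacroView DMF\Cache\TokenCache'

# A DPAPI blob starts with a version DWORD (1) followed by the DPAPI provider GUID.
# Assumption: each cache file is a raw DPAPI blob; the page does not document the layout.
$dpapiHeader = '01-00-00-00-D0-8C-9D-DF-01-15-D1-11-8C-7A-00-C0-4F-C2-97-EB'

# Assumption: only these principals (English names) should hold Allow entries.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$expected = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

if (-not (Test-Path -LiteralPath $cacheDir)) {
    Write-Warning "Token cache directory not found: $cacheDir"
    return
}

Get-ChildItem -LiteralPath $cacheDir -File -Recurse | ForEach-Object {
    $file = $_
    $header = $null
    try {
        # Read only the first 20 bytes; share the handle so a running client is not blocked.
        $fs = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 20
            $n = $fs.Read($buf, 0, $buf.Length)
            $header = [System.BitConverter]::ToString($buf, 0, $n)
        } finally { $fs.Dispose() }
    } catch {
        Write-Warning "Could not read $($file.FullName): $($_.Exception.Message)"
    }

    # Allow entries for anyone outside the expected list deserve a closer look.
    $extra = (Get-Acl -LiteralPath $file.FullName).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $expected -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value }

    [pscustomobject]@{
        File             = $file.Name
        LooksLikeDpapi   = ($header -eq $dpapiHeader)
        UnexpectedAccess = ($extra | Sort-Object -Unique) -join ', '
    }
}
```

A file reporting LooksLikeDpapi as False is not necessarily plaintext tokens; it may be a lock or metadata file, so inspect it before drawing a conclusion.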
- MacroView DMF and MacroView 8.9.1086 and later