microsoft · Benjin · Apr 9, 2026 · Mar 18, 2026 · Apr 2, 2026 · Apr 6, 2026
@@ -1783,6 +1783,7 @@
     "Integrated": "Integrated",
     "SQL Login": "SQL Login",
     "Microsoft Entra Id - Universal w/ MFA Support": "Microsoft Entra Id - Universal w/ MFA Support",
+    "Microsoft Entra Id - Default": "Microsoft Entra Id - Default",
     "Azure Code Grant": "Azure Code Grant",
     "Azure Device Code": "Azure Device Code",
     "MSSQL - Azure Auth Logs": "MSSQL - Azure Auth Logs",
@@ -2230,8 +2231,8 @@
     "Clear cache and refresh token": "Clear cache and refresh token",
     "Clear token cache": "Clear token cache",
     "No workspaces found. Please change Fabric account or tenant to view available workspaces.": "No workspaces found. Please change Fabric account or tenant to view available workspaces.",
-    "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, and Azure MFA authentication are supported./{0} is the authentication type": {
-        "message": "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, and Azure MFA authentication are supported.",
+    "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, Azure MFA, and Active Directory Default authentication are supported./{0} is the authentication type": {
+        "message": "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, Azure MFA, and Active Directory Default authentication are supported.",
         "comment": ["{0} is the authentication type"]
     },
     "Add Firewall Rule to {0}/{0} is the server name": {

@@ -541,6 +541,7 @@ export class ConnectionDialogWebviewController extends FormWebviewController<
                     AuthenticationType.SqlLogin,
                     AuthenticationType.Integrated,
                     AuthenticationType.AzureMFA,
+                    AuthenticationType.ActiveDirectoryDefault,
                 ];
 
                 if (
@@ -925,9 +926,24 @@ export class ConnectionDialogWebviewController extends FormWebviewController<
     async updateItemVisibility() {
         let hiddenProperties: (keyof IConnectionDialogProfile)[] = [];
 
+        if (
+            this.state.connectionProfile.authenticationType !== AuthenticationType.SqlLogin &&
+            this.state.connectionProfile.authenticationType !==
+                AuthenticationType.ActiveDirectoryDefault
+        ) {
+            hiddenProperties.push("user");
+        }
         if (this.state.connectionProfile.authenticationType !== AuthenticationType.SqlLogin) {
-            hiddenProperties.push("user", "password", "savePassword");
+            hiddenProperties.push("password", "savePassword");
         }
+
+        const userComponent = this.state.formComponents["user"];
+        if (userComponent) {
+            // userId is required for SQL Login, optional for AD Default, and hidden (above) for everything else
+            userComponent.required =
+                this.state.connectionProfile.authenticationType === AuthenticationType.SqlLogin;
+        }
+
         if (this.state.connectionProfile.authenticationType !== AuthenticationType.AzureMFA) {
             hiddenProperties.push("accountId", "tenantId");
         }

@@ -176,6 +176,7 @@ export let authTypeName = l10n.t("authenticationType");
 export let authTypeIntegrated = l10n.t("Integrated");
 export let authTypeSql = l10n.t("SQL Login");
 export let authTypeAzureActiveDirectory = l10n.t("Microsoft Entra Id - Universal w/ MFA Support");
+export let authTypeAzureActiveDirectoryDefault = l10n.t("Microsoft Entra Id - Default");
 export let azureAuthTypeCodeGrant = l10n.t("Azure Code Grant");
 export let azureAuthTypeDeviceCode = l10n.t("Azure Device Code");
 export let azureLogChannelName = l10n.t("MSSQL - Azure Auth Logs");
@@ -972,7 +973,7 @@ export class ConnectionDialog {
     public static unsupportedAuthType(authenticationType: string) {
         return l10n.t({
             message:
-                "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, and Azure MFA authentication are supported.",
+                "Unsupported authentication type in connection string: {0}. Only SQL Login, Integrated, Azure MFA, and Active Directory Default authentication are supported.",
             args: [authenticationType],
             comment: ["{0} is the authentication type"],
         });

@@ -1333,6 +1333,8 @@ export default class ConnectionManager {
                 connectionSource: connectionSource,
             },
             undefined,
+            credentials,
+            undefined,
             true, // include call stack
         );
 
@@ -1404,7 +1406,7 @@ export default class ConnectionManager {
              */
             connectionActivity.endFailed(
                 error,
-                false, // Do not include error message as it might contain sensitive info
+                false, // includeErrorMessage
             );
             return false;
         }

@@ -238,10 +238,12 @@ export default class QueryRunner {
         const cancelQueryActivity = startActivity(
             TelemetryViews.QueryEditor,
             TelemetryActions.CancelQuery,
-            undefined,
-            undefined,
-            undefined,
-            true, // Include call stack
+            undefined, // correlationId
+            undefined, // startActivityAdditionalProps
+            undefined, // startActivityAdditionalMeasurements
+            undefined, // connectionInfo
+            undefined, // serverInfo
+            true, // include callstack in telemetry
         );
         const cancelParams: QueryCancelParams = { ownerUri: this._ownerUri };
         let cancelRequestCompleted = false;
@@ -316,12 +318,14 @@ export default class QueryRunner {
         const runStatementActivity = startActivity(
             TelemetryViews.QueryEditor,
             TelemetryActions.RunQuery,
-            undefined,
+            undefined, // correlationId
             {
                 executionType: "statement",
                 hasExecutionPlan: executionPlanOptions ? "true" : "false",
             },
-            undefined,
+            undefined, // startActivityAdditionalMeasurements
+            undefined, // connectionInfo
+            undefined, // serverInfo
             true, // Include call stack
         );
         let runStatementRequestCompleted = false;
@@ -392,7 +396,9 @@ export default class QueryRunner {
                 executionType: queryType,
                 hasExecutionPlan: executionPlanOptions ? "true" : "false",
             },
-            undefined,
+            undefined, // startActivityAdditionalMeasurements
+            undefined, // connectionInfo
+            undefined, // serverInfo
             true, // Include call stack
         );
 
@@ -640,11 +646,13 @@ export default class QueryRunner {
         const rowsFetchActivity = startActivity(
             TelemetryViews.QueryEditor,
             TelemetryActions.GetResultRowsSubset,
-            undefined,
-            undefined,
+            undefined, // correlationId
+            undefined, // startActivityAdditionalProps
             {
                 rowCount: bucketizeRowCount(numberOfRows),
             },
+            undefined, // connectionInfo
+            undefined, // serverInfo
             true, // Include call stack
         );
         try {

@@ -366,12 +366,14 @@ export abstract class WebviewBaseController<State, Reducers> implements vscode.D
             const reducerActivity = startActivity(
                 TelemetryViews.WebviewController,
                 TelemetryActions.Reducer,
-                undefined,
+                undefined, // correlationId
                 {
                     type: action.type as string,
                     webviewId: this._sourceFile,
                 },
-                undefined,
+                undefined, // startActivityAdditionalMeasurements
+                undefined, // connectionInfo
+                undefined, // serverInfo
                 true, // include call stack
             );
             const reducer = this._reducerHandlers.get(action.type);
@@ -440,12 +442,14 @@ export abstract class WebviewBaseController<State, Reducers> implements vscode.D
             const handlerActivity = startActivity(
                 TelemetryViews.WebviewController,
                 TelemetryActions.OnRequest,
-                undefined,
+                undefined, // correlationId
                 {
                     type: type.method,
                     webviewId: this._sourceFile,
                 },
-                undefined,
+                undefined, // startActivityAdditionalMeasurements
+                undefined, // connectionInfo
+                undefined, // serverInfo
                 true, // include call stack
             );
             try {

@@ -243,6 +243,10 @@ export class ConnectionCredentials implements IConnectionInfo {
                 name: LocalizedConstants.authTypeAzureActiveDirectory,
                 value: utils.authTypeToString(AuthenticationTypes.AzureMFA),
             },
+            {
+                name: LocalizedConstants.authTypeAzureActiveDirectoryDefault,
+                value: utils.authTypeToString(AuthenticationTypes.ActiveDirectoryDefault),
+            },
         ];
 
         return choices;

@@ -66,7 +66,9 @@ export class ConnectionProfile extends ConnectionCredentials implements IConnect
         if (this.authenticationType) {
             if (
                 this.authenticationType === AuthenticationTypes[AuthenticationTypes.Integrated] ||
-                this.authenticationType === AuthenticationTypes[AuthenticationTypes.AzureMFA]
+                this.authenticationType === AuthenticationTypes[AuthenticationTypes.AzureMFA] ||
+                this.authenticationType ===
+                    AuthenticationTypes[AuthenticationTypes.ActiveDirectoryDefault]
             ) {
                 return utils.isNotEmpty(this.server);
             } else {

@@ -31,6 +31,7 @@ export enum AuthenticationTypes {
     Integrated = 1,
     SqlLogin = 2,
     AzureMFA = 3,
+    ActiveDirectoryDefault = 4,
 }
 
 export enum EncryptOptions {

@@ -762,7 +762,7 @@ export class ObjectExplorerService {
                 );
                 if (choice === LocalizedConstants.ObjectExplorer.FailedOEConnectionErrorSignIn) {
                     try {
-                        await VsCodeAzureHelper.signIn(); // User chose to sign in to the missing account; try again.
+                        await VsCodeAzureHelper.signIn(true); // User chose to sign in to the missing account; try again.
                         return await prepareConnectionProfile();
                     } catch (retryError) {
                         this._logger.error(

@@ -133,9 +133,11 @@ export class SchemaDesignerWebviewController extends WebviewPanelController<
             const schemaDesignerInitActivity = startActivity(
                 TelemetryViews.SchemaDesigner,
                 TelemetryActions.Initialize,
-                undefined,
-                undefined,
-                undefined,
+                undefined, // correlationId
+                undefined, // startActivityAdditionalProps
+                undefined, // startActivityAdditionalMeasurements
+                undefined, // connectionInfo
+                undefined, // serverInfo
                 true, // include callstack in telemetry
             );
             try {

@@ -212,6 +212,10 @@ export enum AuthenticationType {
      * Microsoft Entra Id - Universal with MFA support
      */
     AzureMFA = "AzureMFA",
+    /**
+     * Microsoft Entra Id - Default
+     */
+    ActiveDirectoryDefault = "ActiveDirectoryDefault",
     /**
      * Microsoft Entra Id - Password
      */

@@ -286,7 +286,7 @@ export type FinishActivity = (
     activityStatus: Exclude<ActivityStatus, ActivityStatus.Failed>,
     additionalProperties?: Record<string, string>,
     additionalMeasurements?: Record<string, number>,
-    connectionProfile?: any, //TODO fix any with IConnectionProfile
+    connectionProfile?: vscodeMssql.IConnectionInfo,
     serverInfo?: vscodeMssql.IServerInfo,
 ) => void;
 
@@ -310,7 +310,7 @@ export type FinishActivityFailed = (
 export type UpdateActivity = (
     additionalProperties?: Record<string, string>,
     additionalMeasurements?: Record<string, number>,
-    connectionProfile?: any, //TODO fix any with IConnectionProfile
+    connectionProfile?: vscodeMssql.IConnectionInfo,
     serverInfo?: vscodeMssql.IServerInfo,
 ) => void;
 

@@ -101,7 +101,7 @@ export function sendActionEvent(
     telemetryAction: TelemetryActions,
     additionalProps: TelemetryEventProperties | { [key: string]: string } = {},
     additionalMeasurements: TelemetryEventMeasures | { [key: string]: number } = {},
-    connectionInfo?: IConnectionProfile,
+    connectionInfo?: vscodeMssql.IConnectionInfo,
     serverInfo?: vscodeMssql.IServerInfo,
     includeCallStack: boolean = false,
 ): void {
@@ -188,6 +188,8 @@ export function startActivity(
     correlationId?: string,
     startActivityAdditionalProps: TelemetryEventProperties = {},
     startActivityAdditionalMeasurements: TelemetryEventMeasures = {},
+    connectionInfo?: vscodeMssql.IConnectionInfo,
+    serverInfo?: vscodeMssql.IServerInfo,
     includeCallStack: boolean = false,
 ): ActivityObject {
     const startTime = performance.now();
@@ -209,6 +211,8 @@ export function startActivity(
             ...startActivityAdditionalMeasurements,
             startTime: Math.round(startTime),
         },
+        connectionInfo,
+        serverInfo,
     );
 
     const activityUpdateAdditionalPropsBase: TelemetryEventProperties = {

@@ -124,5 +124,20 @@ suite("ConnectionCredentials Tests", () => {
                 ).to.equal(originalConnInfo[key as keyof IConnectionInfo]);
             }
         });
+
+        test("createConnectionInfo preserves ActiveDirectoryDefault auth type", () => {
+            const connDetails: ConnectionDetails = {
+                options: {
+                    server: "someServer",
+                    authenticationType:
+                        AuthenticationTypes[AuthenticationTypes.ActiveDirectoryDefault],
+                },
+            };
+
+            const connInfo = ConnectionCredentials.createConnectionInfo(connDetails);
+            expect(connInfo.authenticationType).to.equal(
+                AuthenticationTypes[AuthenticationTypes.ActiveDirectoryDefault],
+            );
+        });
     });
 });
@@ -332,6 +332,19 @@ suite("ConnectionDialogWebviewController Tests", () => {
             expect(controller.state.isEditingConnection).to.be.true;
             expect(controller.state.editingConnectionDisplayName).to.not.be.undefined;
         });
+
+        test("should show optional user and hide password fields for ActiveDirectoryDefault", async () => {
+            controller.state.connectionProfile.authenticationType =
+                AuthenticationType.ActiveDirectoryDefault;
+
+            await controller.updateItemVisibility();
+
+            expect(controller.state.formComponents.user.hidden).to.not.be.true;
+            expect(controller.state.formComponents.password.hidden).to.be.true;
+            expect(controller.state.formComponents.savePassword.hidden).to.be.true;
+            expect(controller.state.formComponents.accountId.hidden).to.be.true;
+            expect(controller.state.formComponents.tenantId.hidden).to.be.true;
+        });
     });
 
     suite("Reducers", () => {
@@ -920,6 +933,25 @@ suite("ConnectionDialogWebviewController Tests", () => {
                 expect(controller.state.dialog, "dialog should be closed").to.be.undefined;
             });
 
+            test("should load connection details from connection string with ActiveDirectoryDefault", async () => {
+                const parsedDetails = {
+                    options: {
+                        server: "myServer",
+                        database: "myDB",
+                        authenticationType: AuthenticationType.ActiveDirectoryDefault,
+                    },
+                } as ConnectionDetails;
+
+                await runConnectionStringScenario(parsedDetails);
+
+                expect(controller.state.connectionProfile.server).to.equal("myServer");
+                expect(controller.state.connectionProfile.database).to.equal("myDB");
+                expect(controller.state.connectionProfile.authenticationType).to.equal(
+                    AuthenticationType.ActiveDirectoryDefault,
+                );
+                expect(controller.state.dialog, "dialog should be closed").to.be.undefined;
+            });
+
             test("should display error message if connection string has unsupported authentication type", async () => {
                 const parsedDetails = {
                     options: {

@@ -6,6 +6,7 @@
 import * as sinon from "sinon";
 import { IConnectionInfo } from "vscode-mssql";
 import { ConnectionCredentials } from "../../src/models/connectionCredentials";
+import { ConnectionProfile } from "../../src/models/connectionProfile";
 import { AuthenticationTypes } from "../../src/models/interfaces";
 import { expect } from "chai";
 
@@ -115,4 +116,13 @@ suite("Connection Profile tests", () => {
         expect(details.options["user"]).to.not.be.undefined;
         expect(details.options["workstationId"]).to.not.be.undefined;
     });
+
+    test("ActiveDirectoryDefault profile only requires server", () => {
+        const profile = new ConnectionProfile();
+        profile.server = "my-server";
+        profile.authenticationType =
+            AuthenticationTypes[AuthenticationTypes.ActiveDirectoryDefault];
+
+        expect(profile.isValidProfile()).to.be.true;
+    });
 });
@@ -49,6 +49,7 @@ export function buildCapabilitiesResult(): CapabilitiesResult {
                             AuthenticationType.SqlLogin,
                             AuthenticationType.Integrated,
                             AuthenticationType.AzureMFA,
+                            AuthenticationType.ActiveDirectoryDefault,
                         ],
                     },
                     {