Git checkin/sync/fetch/pull fails in Visual Studio and can’t login with organizational account

We went through the process of setting up our organization in Azure AD and connecting it to VSTS today. 

Connect VSTS account to Azure Active Directory (Azure AD)

Everything seemed to be working correctly initially:

• Our VSTS account was listed in Azure
• We could login to VSTS successfully both from the web portal and Visual Studio Team Explorer Connection Manager
• Had rights to everything we needed
• All our user data had migrated correctly
• We could add AD groups in VSTS
• Our organizational Azure subscriptions were listed as expected

UNTIL the first developer tried to check-in to a git repo in VSTS.  We were prompted for Microsoft account credentials:

The problem was our Microsoft Account (MSA) no longer had rights to VSTS, after following the tutorial above, VSTS had been migrated to authenticate users with our new Azure AD Accounts (AAD).  Typically, this login prompt either identifies the email as an org account (notice the badge in the top right):

Or, if you have both an org and MSA account with that email address it asks which you would like to use:

In this case, it would only take a MSA which wouldn’t work.  Not sure but I expect this is a limitation of Visual Studio today.

Solution

Eventually I figured out that we had previously been connecting to the git repo(s) using a stored Window Credential for our VSTS address:

Checking our VSTS profile we found all our personal access tokens were gone after the migration which makes sense.  So we had to create a new token, update the Window Credential and everything worked again.

Hope this helps others!