I have followed the instructions here to create an MVC application with the default configuration to authenticate with Azure active directory.
The Microsoft sign in page presents an option to choose whether I sign in with a 'work / school' account or 'personal' account. This is because i have a personal account set up with the same email as my organisational one.
I would like to prevent personal account sign in.
I know that appending the query string (msafed=0) to the login URL does exactly this, however I don't have a clue where to implement this in the default authentication code.
msafed=0 is the way to go. If you're using OWIN, try hooking the
RedirectToIdentityProvider notification in the
OpenIdConnectAuthenticationOptions. There you can append extra query parameters in the outgoing request.