Episode Details
Back to Episodes
Dev Tunnels in Visual Studio for Microsoft 365 App Testing: How to Expose Local Apps Securely for Teams and SharePoint
Season 1
Published 8 months ago
Description
Dev Tunnels in Visual Studio for Microsoft 365 App Testing
Ever built the perfect Teams or Microsoft 365 app locally—only to realize your customer can’t test it without a painful deployment loop? In this episode, I walk through how Dev Tunnels in Visual Studio let you expose your local services as secure, internet‑reachable endpoints in minutes, so Teams, SharePoint and Power Platform can talk to your dev box without publishing to Azure first. You’ll learn how to configure tunnels correctly, avoid accidental over‑exposure, and keep your OAuth redirect URIs stable so your iteration speed goes up without your security posture going down.
We start with what Dev Tunnels really are and why that matters for Microsoft 365 apps. A tunnel is more than a temporary URL—it’s a controlled entry point into whatever is running on your machine right now. I break down why that’s so powerful for Teams tabs, SharePoint Framework solutions and webhooks, and why treating tunnels as disposable shortcuts can accidentally expose more of your dev environment than you intended. You’ll hear real scenarios where developers cut their feedback loop from 15‑minute deployments to instant reloads in Teams by routing traffic through a tunnel instead of a staging environment.
Then we go step by step through enabling Dev Tunnels in Visual Studio without breaking your existing setup. We look at where to turn tunnels on in project properties, how to choose the right visibility (Public, Public authenticated, Private authenticated), and how to pick a persistent tunnel name so your Entra ID (Azure AD) app registration redirect URIs don’t need constant edits. I also cover practical pitfalls—like IIS Express restarts killing your debug session, or multi‑port projects where you need to plan which service gets tunneled—so tunnels become a transparent layer on top of your workflow instead of a new source of friction.
Finally, we dig into the security trade‑offs between public anonymous and private authenticated tunnels. You’ll learn when anonymous access is acceptable (hackathons, quick demos) and when you absolutely want authentication in front of your tunnel, especially if you’re exposing APIs or tenant‑specific apps. By the end, you’ll have a clear mental model: Dev Tunnels as an on‑demand extension of your dev environment into the outside world—with the guardrails set by you, not by accident.
WHAT YOU’LL LEARN
The core insight of this episode is that Dev Tunnels are infrastructure, not a gimmick. O
Ever built the perfect Teams or Microsoft 365 app locally—only to realize your customer can’t test it without a painful deployment loop? In this episode, I walk through how Dev Tunnels in Visual Studio let you expose your local services as secure, internet‑reachable endpoints in minutes, so Teams, SharePoint and Power Platform can talk to your dev box without publishing to Azure first. You’ll learn how to configure tunnels correctly, avoid accidental over‑exposure, and keep your OAuth redirect URIs stable so your iteration speed goes up without your security posture going down.
We start with what Dev Tunnels really are and why that matters for Microsoft 365 apps. A tunnel is more than a temporary URL—it’s a controlled entry point into whatever is running on your machine right now. I break down why that’s so powerful for Teams tabs, SharePoint Framework solutions and webhooks, and why treating tunnels as disposable shortcuts can accidentally expose more of your dev environment than you intended. You’ll hear real scenarios where developers cut their feedback loop from 15‑minute deployments to instant reloads in Teams by routing traffic through a tunnel instead of a staging environment.
Then we go step by step through enabling Dev Tunnels in Visual Studio without breaking your existing setup. We look at where to turn tunnels on in project properties, how to choose the right visibility (Public, Public authenticated, Private authenticated), and how to pick a persistent tunnel name so your Entra ID (Azure AD) app registration redirect URIs don’t need constant edits. I also cover practical pitfalls—like IIS Express restarts killing your debug session, or multi‑port projects where you need to plan which service gets tunneled—so tunnels become a transparent layer on top of your workflow instead of a new source of friction.
Finally, we dig into the security trade‑offs between public anonymous and private authenticated tunnels. You’ll learn when anonymous access is acceptable (hackathons, quick demos) and when you absolutely want authentication in front of your tunnel, especially if you’re exposing APIs or tenant‑specific apps. By the end, you’ll have a clear mental model: Dev Tunnels as an on‑demand extension of your dev environment into the outside world—with the guardrails set by you, not by accident.
WHAT YOU’LL LEARN
- Why Dev Tunnels are more than “just a temporary URL” for Microsoft 365 app testing.
- How to enable and configure Dev Tunnels in Visual Studio without breaking your existing debug setup.
- How to keep OAuth redirect URIs stable by reusing tunnel names and domains.
- When to choose public anonymous vs. authenticated tunnels, and what each option means for security.
The core insight of this episode is that Dev Tunnels are infrastructure, not a gimmick. O