Sources

A former Azure Core engineer published a damning exposé on April 2-3, 2026, revealing systemic failures in Microsoft Azure’s engineering culture. Axel Rietschin, who worked on Azure’s core infrastructure from May 2023, documented how management prioritized aggressive feature releases over foundational stability. The result: technical debt so severe that engineers can’t fix bugs without risking cascading system failures. … ## Code Quality So Bad They Can’t Fix Bugs Azure’s codebase has deteriorated to the point where bug fixes are rejected because fixing them risks breaking entire systems. Axel documented a 122-person engineering organization managing 173 VM management agents with no documentation explaining their purpose or interdependencies. The team cannot refactor code or improve quality without fear of cascading failures. “The team had reached a point where it was too risky to make any code refactoring or engineering improvements,” Axel wrote. Proposals to use smart pointers for memory safety were rejected. Meanwhile, 400 Watt Xeon processors are hitting performance limits due to inefficient code. Azure’s Overlake accelerator stack scales to “just a few dozen VMs per node” versus its theoretical 1,024 capacity, creating “noisy neighbor” problems that cause jitter in customer VMs. … The reports are consistent: random AKS pod crashes, database nodes experiencing unexplained disk latency spikes, services stable on GCP becoming “unpredictable” when migrated to Azure, 503 Gateway Timeouts without traceable root causes. One user described the experience bluntly: “The Azure UI feels like a janky mess, barely being held together.” Documentation is “entirely written by AI and constantly out of date.”

If you insist on {ts:77} organizing everything under a few subscriptions with just resource groups for separation or do so unknowingly, {ts:85} you're likely to run into some significant pain points. These issues can hinder scalability, security, {ts:93} manageability, and even cost transparency. In this video, we will count down the top five pain points that {ts:102} real Azure customers face when they treat resource groups as many subscriptions instead of leveraging {ts:109} multiple subscriptions. We'll illustrate each pain with examples and discuss why Azure architects recommend a {ts:117} subscription centric approach. Let's dive in. Painpoint one, hitting subscription limits and quotas. Every {ts:125} Azure subscription comes with certain service limits and quotas, maximum numbers of resources or capacities {ts:134} allowed. When you put all your projects environments in one subscription, they all share the same quota pool. A common {ts:143} pain point is hitting these subscription level limits as your usage grows. For example, an Azure subscription has a {ts:152} limit on certain resource types, such as a maximum of 250 storage accounts per subscription by default. If multiple {ts:162} teams or applications allocate storage accounts under one subscriptions umbrella, it's surprisingly easy to {ts:171} exhaust such quotas. We've seen teams suddenly blocked from deploying new storage because they unknowingly hit the {ts:180} subscriptions cap on a resource type. This problem is less about resource groups which have minimal quotas of {ts:188} their own and more about the subscription being a single container for all usage. … {ts:264} you're still bottlenecked by one subscription's limits. Painpoint two, complex and risky access management, {ts:273} RBAC hell. Another major pain point is the complexity of managing role-based access control, RBAC. When everything {ts:283} lives in one subscription, Azure allows you to assign permissions at the subscription level, resource group … Admins frequently find themselves creating {ts:344} numerous custom roles or complex deny rules to compensate which is errorprone. As one cloud architect noted from {ts:353} experience, a single subscription model requires significantly more complex RBAC configuration along with extra {ts:362} management overhead. In other words, using resource groups as isolation units is not straightforward. … {ts:545} granularity and face increased complexity and risk of policy exceptions. For instance, one team might {ts:552} need a preview as your feature requiring a resource provider registration that another team shouldn't use in production {ts:560} in a single subscription. You can't easily enable it for one project and not the other without it technically … {ts:692} settings and the potential for cross environment interference which you'd constantly have to guard against. {ts:701} Painpoint four, difficulties in cost management and billing segmentation. … The pain comes from the extra work required to achieve what multiple subscriptions offer by design. {ts:874} Clear cost segregation and accountability for each workload or team. Painpoint five, complicated future {ts:883} migrations and scalability constraints. Perhaps the most subtle but extremely important pain point is the technical {ts:891} debt you accumulate by not adopting subscription democratization from the start. … {ts:924} While Azure does support moving many resource types across subscriptions, there are often limitations. Certain {ts:932} services can't be moved or require downtime and intricate dependencies to sort out. For example, imagine you have {ts:940} a complex application spread over many resource groups and you now want to isolate it in a new subscription. … {ts:1000} single subscription design essentially undoing the old model to adopt a subscription democratized model later. {ts:1010} This is a painful process that can involve export import of resources, downtime windows, or even rebuilding {ts:1018} parts of the infrastructure in a new subscription and migrating data. … {ts:1106} early stages, but these five pain points hitting subscription limits, RBAC complexity, lack of isolation, {ts:1115} governance issues, cost tracking difficulties, and future migration headaches will almost certainly surface {ts:1123} as your cloud usage grows. The consistent theme is that a subscription is a stronger unit of isolation and

- Start with a clear goal. What do you want from your pipeline? Fast builds? Easy rollbacks? Full traceability? - Map your workflow. Write it out, even on paper—a basic map of how code moves from developer to production. - Be honest about your pain points. Is it slow feedback? Flaky releases? Manual handovers? … **Common mistakes to avoid** **Overcomplicating pipelines:**Keep them as simple as possible. If a script is too long, break it up. Use descriptive names for steps. **Poor documentation:**Pipelines as code is good, but future-you (or new teammates) will thank you for adding comments. **Ignoring security:**Always review who has access, especially when you are connecting multiple sources. **No feedback loops:**Set up notifications. Developers need to hear quickly when something breaks. **Skipping manual approvals where needed:**Sometimes a manual check before production is worth the slight delay.

### Limited Control over Underlying Infrastructure One of the most common challenges faced by Azure developers is the limited control over the underlying infrastructure. Azure is a platform-as-a-service (PaaS) offering, which means that Microsoft manages the infrastructure, including servers, storage, and networking, on behalf of the developers. While this can be beneficial in terms of scalability and reliability, it can also be limiting for developers who require more control over the infrastructure to optimize performance or meet specific security requirements. … ### Complex Pricing Structure Another common challenge faced by Azure developers is the complex pricing structure of the platform. Azure offers a pay-as-you-go pricing model, which can be beneficial for developers who want to scale their applications based on demand. However, navigating the various pricing options and understanding how they apply to specific services and resources can be challenging for developers, especially those who are new to the platform. … However, developers may still encounter challenges when configuring and managing these integrations, especially when dealing with complex workflows or disparate systems. To overcome this challenge, developers can use Azure Resource Manager templates to automate the deployment of their applications and infrastructure, reducing the time and effort required to integrate with existing systems and tools. Azure developers face a variety of challenges when working with Microsoft's cloud platform, from limited control over the underlying infrastructure to complex pricing structures and security concerns. By understanding these challenges and implementing best practices for overcoming them, developers can build and deploy applications on Azure more effectively and efficiently. … #### Common Challenges Some common challenges faced by Azure developers when dealing with complex networking configurations include: - Lack of knowledge about networking principles: Many developers come from a software development background and may not have extensive experience with networking concepts. This lack of knowledge can make it difficult to design and implement robust networking solutions in Azure. - Complexity of virtual network configurations: Configuring virtual networks, subnets, and network security groups in Azure can be complex, especially for larger applications with multiple components. Developers must carefully plan and design their network architecture to ensure optimal performance and security. … ## Common Challenges Faced by Azure Developers: Security Concerns and Compliance ### Security Concerns One of the biggest challenges facing Azure developers is ensuring the security of their applications and data. With cyber threats becoming increasingly sophisticated, it is more important than ever for developers to stay on top of the latest security best practices and technologies. One common security concern for Azure developers is data breaches. According to a recent study, the average cost of a data breach is $3.92 million, making it essential for developers to protect their applications and data from unauthorized access. … ## Comments (17) Man, one big challenge I face as an Azure developer is dealing with scalability issues. Sometimes my app can't handle sudden spikes in traffic.<code> if (trafficSpike) { scaleUp(); } </code> Yeah, I hear you. Another pain point for me is debugging. It's hard to track down issues when they're happening in the cloud. … Especially with all those compliance regulations to worry about. It's a never-ending maze of checkboxes. True that. And what about documentation? It's like pulling teeth to keep everything up to date. <code> updateDocumentation(); </code> I hear ya. Sometimes it feels like there are new Azure services popping up every other day. … One common challenge faced by Azure developers is dealing with permission issues when setting up access controls for resources. It can be tricky to get the right permissions in place for users and applications without compromising security. Don't forget about managing costs in Azure! It's easy to spin up resources and forget about them, but those costs add up quickly. Set up budget alerts and regularly review your usage to prevent any surprises on your bill. … One common challenge faced by Azure developers is dealing with the complexity of managing resources across different environments. It can be a real headache trying to ensure that everything is configured correctly and consistently across development, staging, and production environments. <code>if (env === 'production') { /* do something */ }</code> Another challenge is getting familiar with the Azure Portal's interface. It can be overwhelming at first with all the different services and options available. But once you get the hang of it, you'll find that it's actually a pretty powerful tool for managing your resources. <code>const resource = await client.getResources();</code> Scaling your applications can also be a headache. Figuring out the right balance between performance and cost can be tricky, especially when you're dealing with fluctuating traffic levels. <code>if (trafficLevel > 1000) { scaleUp(); }</code> Security is always a concern when working with cloud services. Keeping your data safe and ensuring that only authorized users have access to your resources can be a challenge, especially with all the different security options available in Azure. <code>if (user.role !== 'admin') { denyAccess(); }</code>

- You have to open a support ticket to raise your limits on your subscriptions - and prepare to wait weeks with zero communication from microsoft if your region is contended. - I've had people from the third party support companies directly contact me on teams chasing for me to close their tickets... HIGHLY unprofessional in my opinion. Tickets they have not been able to complete because it's "impossible": … - I hope you like HTTP 409 CONFLICT - Azure AD goes down ALL OF THE TIME. Everything in Azure and Office 365 relies on Azure AD. Somehow this is fine. - One minute, your VM will take two minutes to create. Another minute, it will take 45. You have no way of knowing beforehand. … Their UX and docs are extremely bad. Not that AWS/GCP are perfect, but at least they're actually usable - the docs can be read and understood, and the UI and API don't take years to answer every single call. As an anecdote, demos from their own Solutions Architects leave the impression everything is a slow disjointed mess. As another anecdote, I don't know any single Platform/Infra/SRE/DevOps/Cloud person that actually likes Azure, while I know lots of people who evangelise AWS/GCP for various reasons. … Functions are the worst thing I always had to deal with. It's weird... it's some kind of .net runtime running somewhere. Most if not ALL Function documentation revolves around clickety click bullshit with VSCode. Say you want to provision with terraform you need to pack a zip file with the exact file structure explained from instructions buried among 300 screenshots of VSCode guides. Its also a pain in the ass to troubleshoot. … ryanjshaw on March 29, 2024 Every tutorial and piece of documentation seems to assume you are an administrator in your tenant, and if you aren't, good luck figuring out who administers the particular combination of functionality you're fighting today. Note that the problem here isn't the organisation's controls, it's the complete lack of discoverability of process, and integration into those processes, that is exhausting. Even a hyperlink into a templated SharePoint list with admin distribution lists as required info to activate a policy would be a game changer. … Begging and pleading for spot quota, being repeatedly told it's unavailable because the region is full, while the spot price is at the minimum and has been for months Having quota silently removed because we weren't using it for two weeks, then having to resume begging for months to get it back. Flat out refusal to let me pay by card on a new subscription - bank transfer only - on the same account as other subscriptions paying 10k/mo bills by card. … We use Terraform as our primary Azure client, but I'd argue most of the problems with Terraform are because of fuck-ups in the underlying Azure API or Azure resource providers. If it works manually, but not via Terraform, it's the fault of Terraform (or possibly the underlying Go SDK, small disclaimer). The ARM API is used by the Azure portal, as well as all the SDK's. … empuxr on March 30, 2024 The shit part about this: - Can't do it through the Azure Portal - Can't do it through Terraform - Docs only give you PowerShell examples - Docs don't explain you WHY you need to do this, they just expect you to suck it up - Why is Application Gateway only supporting user-managed identities and not system-assigned identities for this feature?

Azure Web & Worker Roles were Microsoft’s first attempt at this. They work well, but have a few pain points. Very slow to deploy. Can’t change the instance size after deployment. Configurations via service definitions can get complicated. My biggest complaint is that they can get expensive quickly if you have a lot of small apps. You can’t easily pack multiple apps onto fewer servers and you get stuck paying even more for staging servers. Luckily, Microsoft has solved all of these issues with Azure Web Apps.

### Microsoft Azure Developer Challenges and Solutions The following are some issues with Microsoft Azure and their fixes: #### Cost Management Challenges in Azure Recognize your needs and select the appropriate services for your budget before utilizing Azure. **Challenge: **If you don’t control your consumption and spending, Azure can be costly. Azure cost management presents the following challenges: **Complexity:**Because Azure prices vary depending on various parameters, such as location, capacity, and services used, they might be complicated. - Determining if you’re overpaying or receiving value for your money might be challenging. **Multiple Cloud Services:**It may be more challenging to comprehend the connections between prices, consumption, and services when using different Microsoft cloud services. **Free Tier:**For the first 12 months, certain Azure services are free; others, with certain restrictions, are free indefinitely. **Old Habits:**Your Azure cloud charge may go up if you overprovision or leave resources running unnecessarily out of habit. **Managing Data Storage and Transfer:**A sizable amount of cloud expenditures may be related to data storage and transit. … #### Challenges in Administration and Monitoring with Azure **Challenge: **Although they could be under-resourced, some IT directors believe that Azure includes management and monitoring. The following are some challenges associated with administering and monitoring on Azure: **Lack of alerts and notifications:**The lack of custom alerts and notifications in Azure Monitor might make it challenging to keep track of the condition of your infrastructure. **Security Risks:**A security risk associated with cloud migration may be mitigated by Azure’s information protection procedure. - If a user account with privileged access is compromised or if users are granted permanent privileged access, businesses may still have difficulties. **Cost Increases:**Businesses that migrate to Azure may see sharp increases in costs, particularly if they don’t properly plan. **Azure Monitor Log Issues:**Azure Monitor logs frequently have the following problems: … **Solutions:** Here are some strategies to address these problems: **Azure IT Services:**Investigate and address security issues with Azure-managed IT services. Additionally, they can train your IT staff. **Azure Reliability:**To carry out a disaster recovery plan, use Azure Site Recovery, Azure Backup, and Azure Reliability. **Azure Identity Management:**Reduce the amount of time that rights are exposed and improve usage visibility by utilizing Microsoft Entra Privileged Identity Management. **Other Azure Tools:**To assess application performance, fulfill SLAs, and identify faults, use a solution such as Turbo360. … - Compared to on-premises systems, managing these discrepancies in cloud environments might be more difficult. **DevOps Procedures:**Compliance may become more difficult as a result of DevOps techniques that facilitate the creation of Azure resources. **System Images:**Virtual machine or VM-based system images may be a security risk. **Data Security:**To safeguard data while it is in use, in transit, and at rest, a multifaceted strategy is needed. … **Challenges:** Azure can scale. The following are some issues with Azure scalability: **Satisfying demand:**Users may not be able to access an app during peak hours if it is unable to manage sudden spikes in demand. **Cost control:**If consumption and costs aren’t well managed, Azure may be pricey. To keep costs down, it’s critical to comprehend needs before selecting services. … **Challenges: **The following are some challenges with Azure’s DevOps and CI/CD: **Infrastructure Management:**Smaller teams may find it difficult and expensive to set up and operate Azure DevOps Server. **Scalability:**Large projects may be more difficult to manage with Azure DevOps Server’s limited scalability when compared to Azure DevOps Services. **Configuration and personalization:**These skills are necessary because they can be complex. **Support and updates:**The cloud version may have better support and updates. **Integrating with other tools:**Including Azure DevOps Server with other cloud services or CI/CD solutions can make your pipeline more complicated and risky. **Inadequate Identity and Access Management (IAM):**IAM issues can allow unauthorized users to deploy compromised software, insert malicious code, or alter code. Enroll in our Azure DevOps job seeker program to secure your future in cloud computing. ##### Other challenges with CI/CD and DevOps include: - Observing many environments for development, testing, and production - DevOps tool selection and integration. - Lack of backing from senior management. - Selecting appropriate DevOps metrics. - Team architectures that are siloed. - Lack of a defined governance framework for DevOps projects. - Manual deployment and testing. **Solutions: **The following are some solutions for Azure’s DevOps and CI/CD issues: **Security:**Throughout the software development lifecycle (SDLC), incorporate security. - To find vulnerabilities early, use tools like Microsoft Security Code Analysis. Additionally, handle credentials and secrets with Azure Key Vault. **Performance:**Put in place an automated testing mechanism to look for problems with performance.

The 2025 updates to Azure feeds are significant because they address common challenges such as latency, security, and data relevance, while introducing intelligent automation and better integration with AI-powered analytics. For developers and SMBs, this means faster access to up-to-date packages, improved reliability, and smarter insights into usage patterns. Why should you care? Because these updates directly impact your ability to scale applications efficiently, reduce downtime, and make data-driven decisions with business analytics solutions tailored for cloud environments. … ### 1. Enhanced feed caching and global distribution One of the biggest pain points for developers using Azure feeds has been latency caused by geographic distance from data centers. The 2025 update introduces enhanced feed caching mechanisms combined with a globally distributed content delivery network (CDN). This means: - Faster package retrieval times regardless of your location. - Reduced bandwidth consumption through intelligent caching. - Improved reliability during peak usage or network disruptions. For SMBs operating in multiple regions, this translates to consistent performance and less downtime, enabling smoother deployment cycles. ### 2. Integrated AI-driven feed recommendations Azure feeds updates 2025 bring AI-powered recommendations that analyze your project dependencies and suggest optimal package versions or alternative libraries. This feature leverages machine learning models trained on millions of usage patterns to: - Prevent compatibility issues by recommending stable versions. - Highlight security patches and deprecated packages proactively. - Suggest performance-optimized alternatives based on your workload. Developers benefit from reduced trial-and-error during dependency management, while SMBs gain from more secure and efficient software stacks. … **Leverage global caching:**If your team is distributed, ensure your feed configurations take advantage of the new caching and CDN capabilities. **Use analytics dashboards:**Monitor feed usage and performance metrics to identify bottlenecks or outdated dependencies. **Sync with GitHub packages:**If you’re using GitHub, set up synchronization to streamline package management across platforms. By implementing these steps, you can reduce technical debt, improve security, and accelerate development cycles using the latest Azure feeds updates 2025. … **Scalable tech tools:**With global caching and CDN support, Azure feeds can handle increased load without compromising speed, making them ideal for growing businesses. **Intelligent business tools:**AI-driven recommendations and vulnerability scanning provide actionable insights that reduce risk and optimize software stacks. **Business analytics solutions:**Enhanced integration with Azure DevOps and GitHub enables better tracking of package usage and performance, feeding into broader analytics platforms for strategic decision-making. These capabilities allow SMBs and developers to focus on building value rather than managing infrastructure, aligning with modern DevOps and cloud-native best practices.

### 1. Security Concerns Security is a top priority for any organization, especially when it comes to cloud-based solutions. Azure provides a wide range of security features, but developers must still follow best practices to ensure that their applications are secure. One common roadblock is the misconfiguration of security settings, which can leave the application vulnerable to attacks. To overcome this challenge, developers should implement Azure security best practices such as using Role-Based Access Control (RBAC) to manage access to resources, encrypting sensitive data at rest and in transit, and regularly monitoring for security vulnerabilities. ### 2. Performance Issues Another common roadblock in Azure development is performance issues. Slow response times and high latency can negatively impact the user experience and overall application performance. These issues can be caused by factors such as inefficient coding, improper resource allocation, or network bottlenecks. To address performance issues, developers should conduct thorough performance testing and optimization during the development phase. They can also use Azure monitoring and diagnostic tools to identify and resolve performance bottlenecks in real-time. ### 3. Scalability Challenges Scalability is a key advantage of cloud-based solutions like Azure, but it can also present challenges for developers. Ensuring that the application can scale seamlessly to accommodate increasing traffic and workload requires careful planning and implementation. Developers can overcome scalability challenges by designing applications with scalability in mind, using Azure services such as Azure App Service or Azure Functions for auto-scaling, and monitoring performance metrics to proactively adjust resources as needed. ### 4. Integration Complexity Integrating Azure services with existing systems and applications can be complex and time-consuming. Developers may face challenges in ensuring seamless communication between different components, handling data synchronization, and managing dependencies. To overcome integration challenges, developers should use Azure Integration Services such as Azure Logic Apps and Azure Service Bus to automate workflows and simplify integration tasks. They should also follow best practices for designing loosely coupled and modular architectures. ### 5. Cost Management Cost management is another common roadblock in Azure development, as cloud services can quickly become expensive if not properly monitored and optimized. Developers must ensure that they are using resources efficiently to avoid unnecessary costs. To address cost management challenges, developers should leverage Azure cost management tools to track and optimize spending, use Azure Advisor recommendations to identify cost-saving opportunities, and implement cost-saving strategies such as resizing virtual machines or utilizing reserved instances. … ### 1. Deployment Failures One of the most common roadblocks developers face when working with Azure is deployment failures. These failures can occur for a variety of reasons, such as a misconfiguration of resources or insufficient permissions. To overcome this challenge, it is important to thoroughly test your deployment process before going live. Utilize tools such as Azure DevOps to automate your deployment pipeline and catch any issues early on. … ### 1. Limited Knowledge of Azure Services One of the most common roadblocks developers face when starting with Azure development is limited knowledge of Azure services. With a wide range of services available in Azure, it can be overwhelming to know which services to use for specific tasks. To overcome this challenge, developers should invest time in learning about the different Azure services through online tutorials, courses, and documentation. Understanding the purpose and capabilities of each service will help developers make informed decisions when architecting their applications. … ### 3. Scalability and Performance Issues Scalability and performance are key considerations in Azure development, especially for applications that need to handle a large volume of traffic. Developers often face challenges in designing scalable and high-performance architectures that can meet the demands of their users. To address scalability and performance issues, developers should design their applications with scalability in mind from the beginning. They can leverage Azure services like Azure App Service, Azure Functions, and Azure Cosmos DB to build highly scalable and performant applications that can grow with their user base. … Have you checked your app settings in Azure? Sometimes a simple configuration change can make all the difference. <code> AzureFunctions:Worker:OutOfProcess:true </code> I had a similar issue with my Azure web app the other day. Turned out I was missing some required dependencies in my project. Make sure you've got all your packages installed correctly. <code> npm install azure-functions-core-tools -g </code> Ugh, I hate it when my Azure deployment takes forever. … Hey developers, I've been working with Azure for awhile now and let me tell you, it's not all smooth sailing. There are definitely some roadblocks that can trip you up if you're not careful. But fear not, because I'm here to share some tips on how to overcome those common challenges.<code> const azure = require('azure-sdk'); </code> One of the biggest hurdles I've come across is setting up proper authentication with Azure. It can be a real pain trying to figure out which credentials to use and how to securely store them. Any advice on that? <code> // authenticate with Azure const credentials = new azure.ApplicationTokenCredentials(clientId, domain, secret); </code> Another roadblock I've encountered is dealing with the sheer complexity of Azure services.

## Incremental and dynamic consent One of the biggest issues with v1, especially for multi-tenant applications, is that you must define every permission your app will ever need in advance. And the user must accept all of these required permissions. So for example, if your application offers an optional calendar integration to Office 365, … ## Only OpenID Connect and OAuth The v2 endpoint only supports the OpenID Connect and OAuth protocols, which are very commonly used by modern applications. It does not support all of the flows for OAuth which v1 supported yet though, like Device Profile and Resource Owner Password Credentials Grant. Those flows will be enabled later. SAML and WS-Federation are protocols used by primarily older applications and were supported in the v1 endpoint, but are not supported in v2 (not yet at least). … The main difference is that with ADAL you would use an `AuthenticationContext` to acquire tokens, whereas in MSAL you use `ConfidentialClientApplication` or `UserAgentApplication`/ `PublicClientApplication`, depending on if the application is running in a back-end or on the user's device. … ## Current limitations and problems In this part we will look at some limitations of the v2 endpoint as well as problems we have faced. **These limitations are going to be removed as time goes by though!** No official schedule exists for when those features will come. But they will be added. Perhaps the biggest limitation currently is the rather … Also, you **cannot build stand-alone Web APIs currently**. Only an app with the same application ID can request an access token for the API. So you cannot register an API and use it from another app currently. If you want to read about the full set of current limitations, you can check the documentation: Azure AD v2 endpoint limitations. The API for token caches in MSAL.NET is a little bit *funky*. Firstly, the `TokenCache` class is `sealed`, so you can't inherit from it as in ADAL. The only way of doing it properly is to instantiate a `TokenCache` and set a couple event handlers that will be called to load and persist cache data. Now this would not be such a bad thing, but the handler methods must return *void*. What this means is that we cannot use asynchronous APIs to load and persist data in token caches. In ASP.NET Core applications with enough requests coming in, this could actually lead to the application going down and requiring a server restart to recover. … So now we cannot take advantage of the asynchronous APIs available on the distributed cache, and we are blocking the thread until we get a response from the cache. This same issue exists in ADAL as well. It is also important to remember that **v1 applications are currently not compatible with the v2 endpoint**. … One problem that we run into some time ago, but did not run into anymore, was that consent was not being granted after logging in and consenting to the permissions. It took a while (like 15 seconds) for the consent to be done. This issue seems to have been fixed.

… has built-in in-memory token caching. By initializing this object once and reusing it for subsequent token requests (within the lifetime of your function’s warm instance), you allow MSAL to serve tokens from its cache if they are still valid. This significantly reduces calls to Azure AD, improving performance and reducing the likelihood of being throttled. **Automatic Token Renewal**: MSAL handles the logic for checking token expiry and acquiring a new token when needed before the old one expires.

Exceptions in MSAL.NET are intended for app developers to troubleshoot and not for displaying to end-users. Exception messages are not localized. MSAL throws `MsalClientException` for things that go wrong inside the library (e.g. bad configuration) and `MsalServiceException` for things that go wrong service side or in the broker (e.g. a secret expired). Client exceptions have an error code which you can use to handle the exception. The error codes are explained in the MsalError class. ### Common exceptions - User cancelled authentication (public client only) When calling `AcquireTokenInteractive`, a browser or the broker is invoked to handle user interaction. If the user closes this process or if they hit the browser back button, MSAL generates an `MsalClientException` with the error code `authentication_canceled` ( `MsalError.AuthenticationCanceledError`). On Android, this exception can also occur if a browser with tabs is not available. - HTTP errors ### HTTP Exceptions Developers are expected to implement their own retry policies when calling MSAL. MSAL makes HTTP calls to the AAD service, and occasional failures can occur, for example the network can go down or the server is overloaded. HTTP 5xx status code responses are retried once. MSAL does not rethrow HTTP exceptions as MsalException. See also Simple retry for errors with HTTP error codes 500-600 and Http 429 (Retry After) … #### MsalUiRequiredException The "Ui Required" is proposed as a specialization of `MsalServiceException` named `MsalUiRequiredException`. This means you have attempted to use a non-interactive method of acquiring a token (e.g. AcquireTokenSilent), but MSAL could not do it silently. this can be because: - you need to sign-in - you need to consent - you need to go through a multi-factor authentication experience. The remediation is to call `AcquireTokenInteractive` try { app.AcquireTokenXXX(scopes, account) .WithYYYY(...) .ExecuteAsync() } catch(MsalUiRequiredException ex) { app.AcquireTokenInteractive(scopes) .WithAccount(account) .WithClaims(ex.Claims) .ExcecuteAsync(); } ### Handling Claim challenge exceptions in MSAL.NET In some cases, when the Azure AD tenant admin has enabled conditional access policies, your application will need to handle claim challenge exceptions. This will appear as an `MsalServiceException` which `Claims` property won't be empty. For instance if the conditional access policy is to have a managed device (Intune) the error will be something like `AADSTS53000: Your device is required to be managed to access this resource` or something similar. To handle the claim challenge, you will need to use the .WithClaim() method of PublicClientApplicationBuilder class as shown above. ### Getting started with MSAL.NET - Home