Region Discovery Troubleshooting

Feature available from 4.18.0 as an experimental feature. To use this feature there is additional configuration required and is not available to use generally.

What is region discovery?

App developers using MSAL don’t need to be aware of the regional endpoints when running their app on Azure. The WithAzureRegion(bool autoDetectRegion) method provides a developer friendly approach to opt in to use reginal endpoints which will be auto detected by MSAL.

How to enable region discovery?

app = ConfidentialClientApplicationBuilder.Create(“client_id”)
.WithCertificate(certificate)
.WithExperimentalFeatures(true)
.WithAuthority(new Uri("https://login.microsoft.com/1234-5678”))
.Build();

var result = app.AcquireTokenForClient(scopes)
.WithAzureRegion(true).ExecuteAsync();

Note: To enable Auto detection of region WithExperimentalFeatures should be set to true. If it is not set, the following exception is thrown:

The API WithAzureRegion is marked as experimental and you should be mindful about using it in production. It may change without incrementing the major version of the library. Call .WithExperimentalFeatures() when creating the public / confidential client to bypass this. See https://aka.ms/msal-net-experimental-features for details.

Troubleshooting

In case you get the following exception:

MsalClientException: ErrorCode: region_discovery_failed
Microsoft.Identity.Client.MsalClientException: Region discovery for the instance failed. Region discovery can only be made if the service resides in Azure function or Azure VM.

The region can only be detected when the service is running either in Azure function where the region can be found in Environment variable. Or the service is running inside an Azure VM for which a call to Local IMDS is made to detect the region. The above exception comes when region could not be discovered from either way mentioned above.