We were using Jamf Connect with Azure/Entra for about a year without issue, it's only used on a small number of clients and I'm unsure how often the computers are actually used, but at the moment none permit authentication.

I've trimmed down the config to the barebones, and even recreated the app registration in Entra without any change.

Any user attempting to sign in sees Invalid Response Code 401 from https://login.microsoftonline.com and it gets no further.

The original working plist for jamf.connect.login included, the following, but has been well trimmed down to just app registration IDs and secrets without any change.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AllowNetworkSelection</key>
<true/>
<key>BackgroundImage</key>
<string>/usr/local/share/jc.jpg</string>
<key>CreateAdminUser</key>
<false/>
<key>CreateJamfConnectPassword</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>LoginWindowMessage</key>
<string>DU Welcome</string>
<key>Migrate</key>
<false/>
<key>OIDCAdminAttribute</key>
<string>roles</string>
<key>OIDCClientID</key>
<string>ABC</string>
<key>OIDCClientSecret</key>
<string>ABC</string>
<key>OIDCIgnoreCookies</key>
<true/>
<key>OIDCLocalAuthButton</key>
<string>CIS Login</string>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>Azure</string>
<key>OIDCROPGID</key>
<string>ABC</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCTenant</key>
<string>XYZ</string>
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCAdmin</key>
<array>
<string>Administrator</string>
</array>
</dict>
</plist>