From 0aab52524f4e8b14eb1baf5a6733995dbdc62824 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 18:05:45 +0000
Subject: [PATCH 1/2] Initial plan


From 982adc0625548c8518a5aa0266c711cff451b138 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 2 Jun 2026 18:09:35 +0000
Subject: [PATCH 2/2] Fix KnownInstanceMetadataIsUpToDateAsync: add HTTP
 status-code guards for discovery endpoints

---
 .../InstanceDiscoveryIntegrationTests.cs      | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs
index c26790d5cf..447dc377cb 100644
--- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs
+++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs
@@ -136,12 +136,26 @@ public async Task KnownInstanceMetadataIsUpToDateAsync()
                     HttpMethod.Get,
                     validDiscoveryUri)).ConfigureAwait(false);
             string discoveryJson = await discoveryResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+            if (!discoveryResponse.IsSuccessStatusCode)
+            {
+                Assert.Fail(
+                    $"Public discovery endpoint returned {(int)discoveryResponse.StatusCode} " +
+                    $"{discoveryResponse.ReasonPhrase}. Body: {Truncate(discoveryJson)}");
+            }
 
             HttpResponseMessage ppeDiscoveryResponse = await httpClient.SendAsync(
                 new HttpRequestMessage(
                     HttpMethod.Get,
                     validPpeDiscoveryUri)).ConfigureAwait(false);
             string ppeDiscoveryJson = await ppeDiscoveryResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+            if (!ppeDiscoveryResponse.IsSuccessStatusCode)
+            {
+                Assert.Inconclusive(
+                    $"PPE discovery endpoint {validPpeDiscoveryUri} returned " +
+                    $"{(int)ppeDiscoveryResponse.StatusCode} {ppeDiscoveryResponse.ReasonPhrase}. " +
+                    $"This is typically an environmental issue (login.windows-ppe.net is restricted). " +
+                    $"Body: {Truncate(ppeDiscoveryJson)}");
+            }
 
             InstanceDiscoveryMetadataEntry[] actualMetadata = JsonHelper.DeserializeFromJson<InstanceDiscoveryResponse>(discoveryJson).Metadata;
             InstanceDiscoveryMetadataEntry[] actualPpeMetadata = JsonHelper.DeserializeFromJson<InstanceDiscoveryResponse>(ppeDiscoveryJson).Metadata;
@@ -177,6 +191,16 @@ public async Task KnownInstanceMetadataIsUpToDateAsync()
                 new InstanceDiscoveryMetadataEntryComparer());
         }
 
+        private static string Truncate(string s, int maxLength = 500)
+        {
+            if (string.IsNullOrEmpty(s))
+            {
+                return string.Empty;
+            }
+
+            return s.Length <= maxLength ? s : s.Substring(0, maxLength);
+        }
+
         private class InstanceDiscoveryMetadataEntryComparer : IEqualityComparer<InstanceDiscoveryMetadataEntry>
         {
             public bool Equals(InstanceDiscoveryMetadataEntry x, InstanceDiscoveryMetadataEntry y)