diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index c812b6482..4febb5759 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -352,8 +352,18 @@ public Task GetAuthenticationResultForAppAsync(
 var builder = application
 .AcquireTokenForClient(new[] { scope }.Except(_scopesRequestedByMsal))
- .WithSendX5C(mergedOptions.SendX5C)
- .WithTenantId(tenant);
+ .WithSendX5C(mergedOptions.SendX5C);
+
+ // MSAL.net only allows .WithTenantId for AAD authorities. This makes sense as there should
+ // not be cross tenant operations with such an authority.
+ if (!mergedOptions.Instance.Contains(".ciamlogin.com"
+#if NETCOREAPP3_1_OR_GREATER
+ , StringComparison.OrdinalIgnoreCase
+#endif
+ ))
+ {
+ builder.WithTenantId(tenant);
+ }
 if (tokenAcquisitionOptions != null)
 {
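Review bot: The `#if NETCOREAPP3_1_OR_GREATER` split makes the CIAM detection case-sensitive on the older targets, where the single-argument `Contains(".ciamlogin.com")` is an ordinal match, so an instance configured as `https://contoso.CIAMLogin.com` skips the guard and still calls `WithTenantId` on net461/netstandard2.0 while the .NET Core build does not. `string.IndexOf(string, StringComparison)` exists on every target, so the conditional compilation can go: `if (mergedOptions.Instance.IndexOf(".ciamlogin.com", StringComparison.OrdinalIgnoreCase) < 0)`. A substring test also treats any instance URL that merely contains that text as CIAM, e.g. a host under some other domain; if `Instance` is always operator-supplied configuration that is tolerable, but parsing the authority and checking the host suffix would be the stricter test, and if `Instance` can be null here the call throws before MSAL is ever reached. When the guard fires, a caller-supplied `tenant` is dropped silently, so consider logging or throwing when `tenant` is non-null for a CIAM instance rather than ignoring it. The enclosing method `GetAuthenticationResultForAppAsync` starts and ends outside the hunk.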