diff --git a/.github/workflows/aot-check.yml b/.github/workflows/aot-check.yml
deleted file mode 100644
index ed77ce7ab..000000000
--- a/.github/workflows/aot-check.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "AOT Check"
-
-on:
-  push:
-    branches: [ "master", "rel/v2" ]
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-    branches: [ "master", "rel/v2" ]
-
-env:
-  TargetNetNext: False
-
-jobs:
-  analyze:
-    runs-on: windows-latest
-    name: AOT check
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
-      with:
-        fetch-depth: 1
-
-    - name: Setup .NET 9.0.x
-      uses: actions/setup-dotnet@v5
-      with:
-        dotnet-version: 9.0.x
-
-    - name: Setup .NET 10.0.x
-      uses: actions/setup-dotnet@v5
-      with:
-        dotnet-version: 10.0.x
-
-    - name: Runs AOT check with .NET 9.0
-      id: aot-powershell-net9
-      run: build\test-aot.ps1 'net9.0'
-
-    - name: Runs AOT check with .NET 10.0
-      id: aot-powershell-net10
-      run: build\test-aot.ps1 'net10.0'
-
diff --git a/Microsoft.Identity.Web.sln b/Microsoft.Identity.Web.sln
index 9c1a3f604..8e68b4d1e 100644
--- a/Microsoft.Identity.Web.sln
+++ b/Microsoft.Identity.Web.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 18
-VisualStudioVersion = 18.0.11217.181 d18.0
+VisualStudioVersion = 18.0.11217.181
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{1DDE1AAC-5AE6-4725-94B6-A26C58D3423F}"
 EndProject
@@ -181,6 +181,30 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MtlsPopClient", "tests\DevA
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MtlsPopWebApi", "tests\DevApps\MtlsPop\MtlsPopWebApi\MtlsPopWebApi.csproj", "{A61CEEDE-6F2C-0710-E008-B5F6F25D87D7}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{FF3B93A1-B8A4-4120-AF3D-7B5C43C0735C}"
+	ProjectSection(SolutionItems) = preProject
+		build\build.md = build\build.md
+		build\CodeCoverage.runsettings = build\CodeCoverage.runsettings
+		build\credscan-exclusion.json = build\credscan-exclusion.json
+		build\GenerateDocFx.ps1 = build\GenerateDocFx.ps1
+		build\Microsoft.Identity.Web-Source-Assemblies.dgml = build\Microsoft.Identity.Web-Source-Assemblies.dgml
+		build\MSAL.snk = build\MSAL.snk
+		build\pipeline-releasebuild.yaml = build\pipeline-releasebuild.yaml
+		build\policheck_exclusions.xml = build\policheck_exclusions.xml
+		build\policheck_filetypes.xml = build\policheck_filetypes.xml
+		build\release-provisioning-tool.yml = build\release-provisioning-tool.yml
+		build\template-install-dependencies.yaml = build\template-install-dependencies.yaml
+		build\template-onebranch-release-build.yaml = build\template-onebranch-release-build.yaml
+		build\template-pack-and-sign-all-nugets.yaml = build\template-pack-and-sign-all-nugets.yaml
+		build\template-pack-nuget.yaml = build\template-pack-nuget.yaml
+		build\template-postbuild-code-analysis.yaml = build\template-postbuild-code-analysis.yaml
+		build\template-prebuild-code-analysis.yaml = build\template-prebuild-code-analysis.yaml
+		build\template-publish-and-cleanup.yaml = build\template-publish-and-cleanup.yaml
+		build\template-restore-build-MSIdentityWeb.yaml = build\template-restore-build-MSIdentityWeb.yaml
+		build\template-run-unit-tests.yaml = build\template-run-unit-tests.yaml
+		build\tsaConfig.json = build\tsaConfig.json
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
diff --git a/build/test-aot.ps1 b/build/test-aot.ps1
deleted file mode 100644
index 95f3c8d32..000000000
--- a/build/test-aot.ps1
+++ /dev/null
@@ -1,57 +0,0 @@
-param([string]$targetNetFramework)
-
-$projectName='Microsoft.Identity.Web.AotCompatibility.TestApp'
-$rootDirectory = Split-Path $PSScriptRoot -Parent
-
-# Add TargetNetNext parameter if targeting .NET 10
-$additionalParams = ""
-if ($targetNetFramework -eq "net10.0") {
-    $additionalParams = "/p:TargetNetNext=True"
-}
-
-$publishOutput = dotnet publish $rootDirectory/tests/$projectName/$projectName.csproj --framework $targetNetFramework -nodeReuse:false /p:UseSharedCompilation=false $additionalParams
-
-$actualWarningCount = 0
-
-foreach ($line in $($publishOutput -split "`r`n"))
-{
-    if (($line -like "*analysis warning IL*") -or ($line -like "*analysis error IL*"))
-    {
-        Write-Host $line
-        $actualWarningCount += 1
-    }
-}
-
-Write-Host "Actual warning count is: ", $actualWarningCount
-$expectedWarningCount = 52
-
-if ($LastExitCode -ne 0)
-{
-    Write-Host "There was an error while publishing AotCompatibility Test App. LastExitCode is:", $LastExitCode
-    Write-Host $publishOutput
-}
-
-$runtime = if ($IsWindows) {  "win-x64" } elseif ($IsMacOS) { "macos-x64"} else {"linux-x64"}
-$app = if ($IsWindows ) {"./$projectName.exe" } else {"./$projectName" }
-
-Push-Location $rootDirectory/tests/$projectName/bin/Release/$targetNetFramework/$runtime
-
-Write-Host "Executing test App..."
-$app
-Write-Host "Finished executing test App"
-
-if ($LastExitCode -ne 0)
-{
-  Write-Host "There was an error while executing AotCompatibility Test App. LastExitCode is:", $LastExitCode
-}
-
-Pop-Location
-
-$testPassed = 0
-if ($expectedWarningCount -ne $actualWarningCount)
-{
-    $testPassed = 1
-    Write-Host "Actual warning count:", $actualWarningCount, "is not as expected. Expected warning count is:", $expectedWarningCount
-}
-
-Exit $testPassed
diff --git a/src/Microsoft.Identity.Web.Azure/Microsoft.Identity.Web.Azure.csproj b/src/Microsoft.Identity.Web.Azure/Microsoft.Identity.Web.Azure.csproj
index 2b68c2a06..697258a9e 100644
--- a/src/Microsoft.Identity.Web.Azure/Microsoft.Identity.Web.Azure.csproj
+++ b/src/Microsoft.Identity.Web.Azure/Microsoft.Identity.Web.Azure.csproj
@@ -2,6 +2,7 @@
   <PropertyGroup>
     <Title>Microsoft Identity Web.Azure</Title>
     <Product>Microsoft Identity Web.Azure</Product>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
     <Description>
       This package enables ASP.NET Core web apps and web APIs to use the Azure SDKs with the Microsoft identity platform (formerly Azure AD v2.0)
     </Description>
diff --git a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
index a94798335..7e06581fb 100644
--- a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
+++ b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
@@ -5,6 +5,7 @@
     <Description>This package brings certificate management for MSAL.NET.</Description>
     <ProjectGuid>{1E0B96CD-FDBF-482C-996A-775F691D984E}</ProjectGuid>
     <PackageReadmeFile>README.md</PackageReadmeFile>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
   </PropertyGroup>
   <ItemGroup>
     <None Include="..\..\README.md">
diff --git a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
index 558ff39c4..7e955852d 100644
--- a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
+++ b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
@@ -4,6 +4,7 @@
     <ImplicitUsings>disable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <PackageReadmeFile>README.md</PackageReadmeFile>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
index 8ec8d51c2..75ef5a4b3 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
@@ -134,10 +134,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
-#if NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         public async Task<TOutput?> CallApiForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -161,10 +159,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
-#if NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
         public async Task<TOutput?> CallApiForAppAsync<TInput, TOutput>(
             string? serviceName,
@@ -187,10 +183,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
-#if NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
         public async Task<TOutput?> CallApiForAppAsync<TOutput>(string serviceName,
             Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
@@ -204,10 +198,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
-#if NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         public async Task<TOutput?> CallApiForUserAsync<TOutput>(
             string? serviceName,
             Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
@@ -389,10 +381,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return clonedOptions;
         }
 
-#if NET7_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         internal static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
         {
             HttpContent? httpContent;
@@ -424,10 +414,8 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return httpContent;
         }
 
-#if NET7_0_OR_GREATER
         [RequiresUnreferencedCode("Calls JsonSerializer.Serialize<TInput>")]
         [RequiresDynamicCode("Calls JsonSerializer.Serialize<TInput>")]
-#endif
         internal static async Task<TOutput?> DeserializeOutputAsync<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions, CancellationToken cancellationToken = default)
              where TOutput : class
         {
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/Microsoft.Identity.Web.DownstreamApi.csproj b/src/Microsoft.Identity.Web.DownstreamApi/Microsoft.Identity.Web.DownstreamApi.csproj
index 171f99ba5..cebd4a2f8 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/Microsoft.Identity.Web.DownstreamApi.csproj
+++ b/src/Microsoft.Identity.Web.DownstreamApi/Microsoft.Identity.Web.DownstreamApi.csproj
@@ -10,6 +10,10 @@
     <EnableConfigurationBindingGenerator>true</EnableConfigurationBindingGenerator>
   <IsAotCompatible>true</IsAotCompatible>
 </PropertyGroup>
+  <!-- Include AOT attribute polyfills for older TFMs -->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net462' or '$(TargetFramework)' == 'net472' or '$(TargetFramework)' == 'netstandard2.0'">
+    <Compile Include="..\Shared\CodeAnalysisAttributes.cs" Link="Polyfills\CodeAnalysisAttributes.cs" />
+  </ItemGroup>
   <ItemGroup>
     <None Include="..\..\README.md">
       <Pack>True</Pack>
diff --git a/src/Microsoft.Identity.Web.GraphServiceClient/GraphServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web.GraphServiceClient/GraphServiceCollectionExtensions.cs
index eb22c3149..5a0da88a1 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClient/GraphServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web.GraphServiceClient/GraphServiceCollectionExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net.Http;
 using Microsoft.Extensions.Configuration;
@@ -40,6 +41,8 @@ public static IServiceCollection AddMicrosoftGraph(this IServiceCollection servi
         /// <param name="services">Builder.</param>
         /// <param name="configurationSection">Configuration section containing the Microsoft graph config.</param>
         /// <returns>The service collection to chain.</returns>
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static IServiceCollection AddMicrosoftGraph(this IServiceCollection services, IConfiguration configurationSection)
         {
             return services.AddMicrosoftGraph(o => configurationSection.Bind(o));
diff --git a/src/Microsoft.Identity.Web.GraphServiceClient/Microsoft.Identity.Web.GraphServiceClient.csproj b/src/Microsoft.Identity.Web.GraphServiceClient/Microsoft.Identity.Web.GraphServiceClient.csproj
index 596b233bd..3452a5881 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClient/Microsoft.Identity.Web.GraphServiceClient.csproj
+++ b/src/Microsoft.Identity.Web.GraphServiceClient/Microsoft.Identity.Web.GraphServiceClient.csproj
@@ -1,5 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
 
     <Title>Microsoft Identity Web, Microsoft Graph v5+ helper</Title>
     <Product>Microsoft Identity Web</Product>
diff --git a/src/Microsoft.Identity.Web.GraphServiceClient/MicrosoftGraphExtensions.cs b/src/Microsoft.Identity.Web.GraphServiceClient/MicrosoftGraphExtensions.cs
index 8ae7f2013..915c24249 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClient/MicrosoftGraphExtensions.cs
+++ b/src/Microsoft.Identity.Web.GraphServiceClient/MicrosoftGraphExtensions.cs
@@ -26,9 +26,8 @@ public static class MicrosoftGraphExtensions
         /// <param name="builder">Builder.</param>
         /// <param name="configurationSection">Configuration section.</param>
         /// <returns>The builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
-        [RequiresUnreferencedCode("Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddMicrosoftGraph(
             this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
             IConfigurationSection configurationSection)
diff --git a/src/Microsoft.Identity.Web.GraphServiceClientBeta/GraphBetaServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web.GraphServiceClientBeta/GraphBetaServiceCollectionExtensions.cs
index 0a5abcdbd..11f70a65f 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClientBeta/GraphBetaServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web.GraphServiceClientBeta/GraphBetaServiceCollectionExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net.Http;
 using Microsoft.Extensions.Configuration;
@@ -40,6 +41,8 @@ public static IServiceCollection AddMicrosoftGraphBeta(this IServiceCollection s
         /// <param name="services">Builder.</param>
         /// <param name="configurationSection">Configuration section containing the Microsoft graph config.</param>
         /// <returns>The service collection to chain.</returns>
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static IServiceCollection AddMicrosoftGraphBeta(this IServiceCollection services, IConfiguration configurationSection)
         {
             return services.AddMicrosoftGraphBeta(o => configurationSection.Bind(o));
diff --git a/src/Microsoft.Identity.Web.GraphServiceClientBeta/Microsoft.Identity.Web.GraphServiceClientBeta.csproj b/src/Microsoft.Identity.Web.GraphServiceClientBeta/Microsoft.Identity.Web.GraphServiceClientBeta.csproj
index 5dd4c9890..bd398e82c 100644
--- a/src/Microsoft.Identity.Web.GraphServiceClientBeta/Microsoft.Identity.Web.GraphServiceClientBeta.csproj
+++ b/src/Microsoft.Identity.Web.GraphServiceClientBeta/Microsoft.Identity.Web.GraphServiceClientBeta.csproj
@@ -1,5 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
 
     <Title>Microsoft Identity Web, Microsoft Graph v5+ helper</Title>
     <Product>Microsoft Identity Web</Product>
diff --git a/src/Microsoft.Identity.Web.Sidecar/Program.cs b/src/Microsoft.Identity.Web.Sidecar/Program.cs
index c230e5584..2fec2e85e 100644
--- a/src/Microsoft.Identity.Web.Sidecar/Program.cs
+++ b/src/Microsoft.Identity.Web.Sidecar/Program.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -12,6 +13,10 @@ namespace Microsoft.Identity.Web.Sidecar;
 
 public class Program
 {
+
+    // Adding these the time to merge Andy's PR. Then will do the work to remove reflexion usage
+    [RequiresUnreferencedCode("EnableTokenAcquisitionToCallDownstreamApis uses reflection")]
+    [RequiresDynamicCode("EnableTokenAcquisitionToCallDownstreamApis uses reflection")]
     public static void Main(string[] args)
     {
         var builder = WebApplication.CreateSlimBuilder(args);
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
index bc6cf6145..a52054cc2 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
@@ -10,9 +10,8 @@ namespace Microsoft.Identity.Web
     /// Extension class on IApplicationBuilder to initialize the service provider of
     /// the TokenAcquirerFactory in ASP.NET Core.
     /// </summary>
-#if NET6_0_OR_GREATER
     [RequiresUnreferencedCode("Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance(String).")]
-#endif
+    [RequiresDynamicCode("Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance(String).")]
     public static class ApplicationBuilderExtensions
     {
         /// <summary>
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj b/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj
index 94f899947..89eac7524 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj
@@ -9,6 +9,10 @@
     <GeneratePackageOnBuild>True</GeneratePackageOnBuild>
   </PropertyGroup>
 
+  <PropertyGroup Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">
+    <IsAotCompatible>true</IsAotCompatible>
+  </PropertyGroup>
+
   <!-- Reactivate when https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/pull/178 is fixed-->
   <!--<PropertyGroup Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">
     <EnableConfigurationBindingGenerator>true</EnableConfigurationBindingGenerator>
@@ -53,6 +57,8 @@
 
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework' Or '$(TargetFramework)' == 'netstandard2.0'">
     <Compile Remove="AspNetCore\*.cs" />
+    <!-- Include shared AOT polyfill for older TFMs -->
+    <Compile Include="..\Shared\CodeAnalysisAttributes.cs" Link="Polyfills\CodeAnalysisAttributes.cs" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
index 92488959e..8939dfbcc 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
@@ -19,9 +19,8 @@ namespace Microsoft.Identity.Web
     /// </summary>
     public class MicrosoftIdentityAppCallsWebApiAuthenticationBuilder : MicrosoftIdentityBaseAuthenticationBuilder
     {
-#if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection)")]
-#endif
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
         internal MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(
             IServiceCollection services,
             IConfigurationSection? configurationSection = null)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
index 306808905..0b5050cc4 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
@@ -23,9 +23,8 @@ public class MicrosoftIdentityBaseAuthenticationBuilder
         /// </summary>
         /// <param name="services">The services being configured.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         protected MicrosoftIdentityBaseAuthenticationBuilder(
             IServiceCollection services,
             IConfigurationSection? configurationSection = null)
@@ -38,6 +37,8 @@ protected MicrosoftIdentityBaseAuthenticationBuilder(
             IdentityModelEventSource.ShowPII = logOptions.EnablePiiLogging;
         }
 
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
         internal static void SetIdentityModelLogger(IServiceProvider serviceProvider)
         {
             if (serviceProvider != null)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityHttpClientBuilderExtensions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityHttpClientBuilderExtensions.cs
index 55fccad1b..65e29fb2e 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityHttpClientBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityHttpClientBuilderExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Abstractions;
@@ -386,6 +387,8 @@ public static IHttpClientBuilder AddMicrosoftIdentityMessageHandler(
         /// }
         /// </code>
         /// </example>
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static IHttpClientBuilder AddMicrosoftIdentityMessageHandler(
             this IHttpClientBuilder builder,
             IConfiguration configuration,
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
index 3e476e7ed..a71230ad8 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
@@ -78,9 +78,8 @@ protected TokenAcquirerFactory()
         ///  [!code-csharp[ConvertType](~/../tests/DevApps/aspnet-mvc/OwinWebApp/App_Start/Startup.Auth.cs?highlight=22)]
         /// ]]></format>
         /// </example>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         static public T GetDefaultInstance<T>(string configSection="AzureAd") where T : TokenAcquirerFactory, new()
         {
             T instance;
@@ -121,9 +120,8 @@ protected TokenAcquirerFactory()
         ///  [!code-csharp[ConvertType](~/../tests/DevApps/daemon-app/daemon-console-calling-msgraph/Program.cs?highlight=5)]
         /// ]]></format>
         /// </example>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         static public TokenAcquirerFactory GetDefaultInstance(string configSection = "AzureAd")
         {
             TokenAcquirerFactory instance;
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs b/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
index 152970ddc..c482a62f5 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
@@ -26,9 +26,8 @@ public static class WebApiBuilders
         /// <param name="services">The services being configured.</param>
         /// <param name="configuration">IConfigurationSection.</param>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls Bind, Configure with Unspecified Configuration and ServiceCollection.")]
-#endif
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisition(
             Action<ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions,
             string authenticationScheme,
diff --git a/src/Microsoft.Identity.Web.TokenCache/Microsoft.Identity.Web.TokenCache.csproj b/src/Microsoft.Identity.Web.TokenCache/Microsoft.Identity.Web.TokenCache.csproj
index efb69b7de..20ede7cd4 100644
--- a/src/Microsoft.Identity.Web.TokenCache/Microsoft.Identity.Web.TokenCache.csproj
+++ b/src/Microsoft.Identity.Web.TokenCache/Microsoft.Identity.Web.TokenCache.csproj
@@ -7,6 +7,7 @@
     <ProjectGuid>{7885DFBB-0D20-4115-86E2-709C2E12253B}</ProjectGuid>
     <PackageReadmeFile>README.md</PackageReadmeFile>
     <NoWarn>$(NoWarn);NU1510</NoWarn>
+    <IsAotCompatible Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">true</IsAotCompatible>
   </PropertyGroup>
   <ItemGroup>
     <None Include="..\..\README.md">
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
index faae19acf..f1c68c25d 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
@@ -108,9 +108,8 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
         }
 
         /// <inheritdoc/>
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
-#endif
+        [RequiresDynamicCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
         public async Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
index 3d21f4930..cc0244df0 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
@@ -25,9 +25,8 @@ public static class DownstreamWebApiExtensions
         [Obsolete("Use AddDownstreamApi in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddDownstreamWebApi(
             this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
             string serviceName,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
index 8f13285e9..2d263030e 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
@@ -38,9 +38,8 @@ public static class DownstreamWebApiGenericExtensions
         [Obsolete("Use IDownstreamApi.GetForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
         public static async Task<TOutput?> GetForUserAsync<TOutput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -82,9 +81,8 @@ public static class DownstreamWebApiGenericExtensions
         [Obsolete("Use IDownstreamApi.GetForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
         public static async Task GetForUserAsync<TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -129,9 +127,8 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PostForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
         public static async Task<TOutput?> PostForUserAsync<TOutput, TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -178,9 +175,8 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PutForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
         public static async Task PutForUserAsync<TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -226,9 +222,8 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PutForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
         public static async Task<TOutput?> PutForUserAsync<TOutput, TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -274,9 +269,8 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.CallWebApiForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
         public static async Task<TOutput?> CallWebApiForUserAsync<TOutput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -296,17 +290,15 @@ await downstreamWebApi.CallWebApiForUserAsync(
             return await ConvertToOutputAsync<TOutput>(response).ConfigureAwait(false);
         }
 
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
-#endif
+        [RequiresDynamicCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
         private static StringContent ConvertFromInput<TInput>(TInput input)
         {
             return new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json");
         }
 
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions).")]
-#endif
+        [RequiresDynamicCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions).")]
         private static async Task<TOutput?> ConvertToOutputAsync<TOutput>(HttpResponseMessage response)
             where TOutput : class
         {
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
index abcbe8de8..96baf27c2 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
@@ -119,9 +119,8 @@ Task<HttpResponseMessage> CallWebApiForUserAsync(
         /// }
         /// </code>
         /// </example>
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
-#endif
+        [RequiresDynamicCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
         public Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
@@ -185,9 +184,8 @@ Task<HttpResponseMessage> CallWebApiForUserAsync(
         /// }
         /// </code>
         /// </example>
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
-#endif
+        [RequiresDynamicCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
         Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
index 94f3cb794..b821dccf0 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
@@ -22,9 +22,8 @@ public static class MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuild
         /// <param name="serviceName">Name of the configuration for the service.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
         public static IHttpClientBuilder AddMicrosoftIdentityUserAuthenticationHandler(
             this IHttpClientBuilder builder,
             string serviceName,
@@ -65,9 +64,8 @@ public static IHttpClientBuilder AddMicrosoftIdentityUserAuthenticationHandler(
         /// <param name="serviceName">Name of the configuration for the service.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
         public static IHttpClientBuilder AddMicrosoftIdentityAppAuthenticationHandler(
             this IHttpClientBuilder builder,
             string serviceName,
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
index 50fed045b..0777de23d 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -14,6 +14,10 @@
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
 
+  <PropertyGroup Condition="$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0'))">
+    <IsAotCompatible>true</IsAotCompatible>
+  </PropertyGroup>
+
   <ItemGroup>
     <None Include="..\..\README.md">
       <Pack>True</Pack>
@@ -55,7 +59,7 @@
     <ProjectReference Include="..\Microsoft.Identity.Web.TokenAcquisition\Microsoft.Identity.Web.TokenAcquisition.csproj" />
     <ProjectReference Include="..\Microsoft.Identity.Web.TokenCache\Microsoft.Identity.Web.TokenCache.csproj" />
   </ItemGroup>
-  
+
   <ItemGroup>
     <AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Shipped.txt" />
     <AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Unshipped.txt" />
diff --git a/src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionExtensions.cs b/src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionExtensions.cs
index fc81ba553..fc8e8b278 100644
--- a/src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionExtensions.cs
+++ b/src/Microsoft.Identity.Web/Policy/RequiredScopeOrAppPermissionExtensions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
@@ -21,6 +22,8 @@ public static class RequiredScopeOrAppPermissionExtensions
         /// </summary>
         /// <param name="services">The services being configured.</param>
         /// <returns>Services.</returns>
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
         public static IServiceCollection AddRequiredScopeOrAppPermissionAuthorization(this IServiceCollection services)
         {
             services.AddAuthorization();
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
index ae3dd9e64..82740ddff 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
@@ -18,6 +18,8 @@ namespace Microsoft.Identity.Web
     ///  Scope or app permission authorization handler that needs to be called for a specific requirement type.
     ///  In this case, <see cref="ScopeOrAppPermissionAuthorizationRequirement"/>.
     /// </summary>
+    [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
+    [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
     internal class ScopeOrAppPermissionAuthorizationHandler : AuthorizationHandler<ScopeOrAppPermissionAuthorizationRequirement>
     {
         private readonly IConfiguration _configuration;
@@ -102,7 +104,7 @@ protected override Task HandleRequirementAsync(
             {
                 return Task.CompletedTask;
             }
-            
+
             var hasScope = scopes != null && scopeClaims.SelectMany(s => s.Value.Split(' ')).Intersect(scopes).Any();
 
             var hasAppPermission = appPermissions != null && appPermissionClaims.SelectMany(s => s.Value.Split(' ')).Intersect(appPermissions).Any();
diff --git a/src/Microsoft.Identity.Web/Resource/OpenIdConnectMiddlewareDiagnostics.cs b/src/Microsoft.Identity.Web/Resource/OpenIdConnectMiddlewareDiagnostics.cs
index 5b1866849..bcbe461e8 100644
--- a/src/Microsoft.Identity.Web/Resource/OpenIdConnectMiddlewareDiagnostics.cs
+++ b/src/Microsoft.Identity.Web/Resource/OpenIdConnectMiddlewareDiagnostics.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -137,7 +138,7 @@ private async Task OnRedirectToIdentityProviderAsync(RedirectContext context)
 
         private void DisplayProtocolMessage(OpenIdConnectMessage message)
         {
-            foreach (var property in message.GetType().GetProperties())
+            foreach (var property in typeof(OpenIdConnectMessage).GetProperties())
             {
                 object? value = property.GetValue(message);
                 if (value != null)
diff --git a/src/Microsoft.Identity.Web/TokenCacheProviders/Session/SessionTokenCacheProviderExtension.cs b/src/Microsoft.Identity.Web/TokenCacheProviders/Session/SessionTokenCacheProviderExtension.cs
index 2a2881255..645237b0c 100644
--- a/src/Microsoft.Identity.Web/TokenCacheProviders/Session/SessionTokenCacheProviderExtension.cs
+++ b/src/Microsoft.Identity.Web/TokenCacheProviders/Session/SessionTokenCacheProviderExtension.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -36,6 +37,8 @@ public static class SessionTokenCacheProviderExtension
         /// </remarks>
         /// <param name="services">The services collection to add to.</param>
         /// <returns>The service collection.</returns>
+        [RequiresUnreferencedCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
+        [RequiresDynamicCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
         public static IServiceCollection AddSessionAppTokenCache(this IServiceCollection services)
         {
             return CreateSessionTokenCache(services);
@@ -63,11 +66,15 @@ public static IServiceCollection AddSessionAppTokenCache(this IServiceCollection
         /// </remarks>
         /// <param name="services">The services collection to add to.</param>
         /// <returns>The service collection.</returns>
+        [RequiresUnreferencedCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
+        [RequiresDynamicCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
         public static IServiceCollection AddSessionPerUserTokenCache(this IServiceCollection services)
         {
             return CreateSessionTokenCache(services);
         }
 
+        [RequiresUnreferencedCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
+        [RequiresDynamicCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
         private static IServiceCollection CreateSessionTokenCache(IServiceCollection services)
         {
             _ = Throws.IfNull(services);
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
index 37a2cd710..b321d7424 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
@@ -28,9 +28,8 @@ public class MicrosoftIdentityWebApiAuthenticationBuilder : MicrosoftIdentityBas
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Configuration section from which to
         /// get parameters.</param>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
         internal MicrosoftIdentityWebApiAuthenticationBuilder(
             IServiceCollection services,
             string jwtBearerAuthenticationScheme,
@@ -53,9 +52,8 @@ internal MicrosoftIdentityWebApiAuthenticationBuilder(
         /// </summary>
         /// <param name="configureConfidentialClientApplicationOptions">The action to configure <see cref="ConfidentialClientApplicationOptions"/>.</param>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(IServiceCollection, string, Action<ConfidentialClientApplicationOptions>, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(IServiceCollection, string, Action<ConfidentialClientApplicationOptions>, IConfigurationSection).")]
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             Action<ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions)
         {
@@ -72,9 +70,8 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
                 ConfigurationSection);
         }
 
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(Action<ConfidentialClientApplicationOptions>, String, IServiceCollection, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(Action<ConfidentialClientApplicationOptions>, String, IServiceCollection, IConfigurationSection).")]
         internal static void CallsWebApiImplementation(
             IServiceCollection services,
             string jwtBearerAuthenticationScheme,
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
index 2d7b92c00..a92b9dd90 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
@@ -37,9 +37,8 @@ public static class MicrosoftIdentityWebApiAuthenticationBuilderExtensions
         /// Set to true if you want to debug, or just understand the JWT bearer events.
         /// </param>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthneticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfigurationSection, string, bool).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthneticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfigurationSection, string, bool).")]
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApi(
         this AuthenticationBuilder builder,
         IConfiguration configuration,
@@ -69,9 +68,8 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         /// Set to true if you want to debug, or just understand the JWT bearer events.
         /// </param>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApi(
             this AuthenticationBuilder builder,
             IConfigurationSection configurationSection,
@@ -80,7 +78,7 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         {
             _ = Throws.IfNull(configurationSection);
             _ = Throws.IfNull(builder);
-            
+
             AddMicrosoftIdentityWebApiImplementation(
                 builder,
                 options => configurationSection.Bind(options),
@@ -105,9 +103,8 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToJwtBearerMiddlewareDiagnosticsEvents">
         /// Set to true if you want to debug, or just understand the JWT bearer events.</param>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
         public static MicrosoftIdentityWebApiAuthenticationBuilder AddMicrosoftIdentityWebApi(
             this AuthenticationBuilder builder,
             Action<JwtBearerOptions> configureJwtBearerOptions,
@@ -133,6 +130,8 @@ public static MicrosoftIdentityWebApiAuthenticationBuilder AddMicrosoftIdentityW
                 null);
         }
 
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
         private static void AddMicrosoftIdentityWebApiImplementation(
             AuthenticationBuilder builder,
             Action<JwtBearerOptions> configureJwtBearerOptions,
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
index 1800bc844..8b7848e6c 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
@@ -12,9 +12,8 @@ namespace Microsoft.Identity.Web
     /// <summary>
     /// Builder for web API authentication with configuration.
     /// </summary>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
     [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
-#endif
+    [RequiresDynamicCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
     public class MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration : MicrosoftIdentityWebApiAuthenticationBuilder
     {
         internal MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration(
@@ -33,9 +32,8 @@ internal MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration(
         /// This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options.
         /// </summary>
         /// <returns>The authentication builder to chain.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi()
         {
             return EnableTokenAcquisitionToCallDownstreamApi(options => ConfigurationSection?.Bind(options));
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
index 02c59ba4f..e9b6d101b 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
@@ -25,9 +25,8 @@ public static partial class MicrosoftIdentityWebApiServiceCollectionExtensions
         /// <param name="subscribeToJwtBearerMiddlewareDiagnosticsEvents">
         /// Set to true if you want to debug, or just understand the JwtBearer events.</param>
         /// <returns>The authentication builder to chain extension methods.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfiguration, String, String, Boolean).")]
-#endif
+        [RequiresDynamicCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfiguration, String, String, Boolean).")]
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApiAuthentication(
             this IServiceCollection services,
             IConfiguration configuration,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs
index 79ec15d34..84401118b 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
@@ -23,6 +24,8 @@ public static class MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtensio
         /// </summary>
         /// <param name="builder"></param>
         /// <returns>The service collection</returns>
+        [RequiresUnreferencedCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
+        [RequiresDynamicCode("Session State middleware does not currently support trimming or native AOT. https://aka.ms/aspnet/trimming")]
         public static IServiceCollection AddSessionTokenCaches(this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder)
         {
             _ = Throws.IfNull(builder);
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
index dafd1d250..13844e7d5 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -32,9 +32,8 @@ public class MicrosoftIdentityWebAppAuthenticationBuilder : MicrosoftIdentityBas
         /// <param name="configureMicrosoftIdentityOptions">Action called to configure
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
         internal MicrosoftIdentityWebAppAuthenticationBuilder(
             IServiceCollection services,
             string openIdConnectScheme,
@@ -58,9 +57,8 @@ internal MicrosoftIdentityWebAppAuthenticationBuilder(
         /// </summary>
         /// <param name="initialScopes">Initial scopes.</param>
         /// <returns>The builder itself for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             IEnumerable<string>? initialScopes = null)
         {
@@ -75,9 +73,8 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
         /// MSAL.NET confidential client application options.</param>
         /// <param name="initialScopes">Initial scopes.</param>
         /// <returns>The builder itself for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.WebAppCallsWebApiImplementation(IServiceCollection, IEnumerable<string>, Action<MicrosoftIdentityOptions>, string, Action<ConfidentialClientApplicationOptions>.")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.WebAppCallsWebApiImplementation(IServiceCollection, IEnumerable<string>, Action<MicrosoftIdentityOptions>, string, Action<ConfidentialClientApplicationOptions>.")]
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             Action<ConfidentialClientApplicationOptions>? configureConfidentialClientApplicationOptions,
             IEnumerable<string>? initialScopes = null)
@@ -93,9 +90,8 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
                 ConfigurationSection);
         }
 
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.ClientInfo.CreateFromJson(string).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.ClientInfo.CreateFromJson(string).")]
         internal static void WebAppCallsWebApiImplementation(
             IServiceCollection services,
             IEnumerable<string>? initialScopes,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index 1e731d0c0..3b7f64f01 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -37,9 +37,8 @@ public static class MicrosoftIdentityWebAppAuthenticationBuilderExtensions
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The <see cref="MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration"/> builder for chaining.</returns>
-#if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls a trim-incompatible AddMicrosoftIdentityWebApp.")]
-#endif
+        [RequiresDynamicCode("Calls a trim-incompatible AddMicrosoftIdentityWebApp.")]
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApp(
             this AuthenticationBuilder builder,
             IConfiguration configuration,
@@ -80,9 +79,8 @@ public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApp(
             this AuthenticationBuilder builder,
             IConfigurationSection configurationSection,
@@ -115,9 +113,8 @@ public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftWebAppWithoutConfiguration(AuthenticationBuilder, Action<MicrosoftIdentityOptions>, Action<CookieAuthenticationOptions>, String, String, Boolean, String).")]
-#endif
+        [RequiresDynamicCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftWebAppWithoutConfiguration(AuthenticationBuilder, Action<MicrosoftIdentityOptions>, Action<CookieAuthenticationOptions>, String, String, Boolean, String).")]
         public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityWebApp(
             this AuthenticationBuilder builder,
             Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
@@ -150,9 +147,8 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <param name="configurationSection">Configuration section.</param>
         /// <returns>The authentication builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
         private static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebAppWithConfiguration(
                 this AuthenticationBuilder builder,
                 Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
@@ -190,9 +186,8 @@ private static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration Add
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
         private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWithoutConfiguration(
         this AuthenticationBuilder builder,
         Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
@@ -226,6 +221,8 @@ private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWi
                 null);
         }
 
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue")]
         private static void AddMicrosoftIdentityWebAppInternal(
             AuthenticationBuilder builder,
             Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
index df58161bc..7d8fcc4af 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
@@ -23,9 +23,8 @@ public class MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration : Mic
         /// <param name="configureMicrosoftIdentityOptions">Action called to configure
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
         internal MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(
             IServiceCollection services,
             string openIdConnectScheme,
@@ -41,9 +40,8 @@ internal MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(
         /// </summary>
         /// <param name="initialScopes">Optional initial scopes to request.</param>
         /// <returns>The authentication builder for chaining.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
-#endif
+        [RequiresDynamicCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
         public new MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             IEnumerable<string>? initialScopes = null)
         {
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
index a4d4f03da..e5eaedf02 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
@@ -32,10 +32,8 @@ public static partial class MicrosoftIdentityWebAppServiceCollectionExtensions
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenIdConnect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder to chain extension methods.</returns>
-#if NET6_0_OR_GREATER && !NET8_0_OR_GREATER
         [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApp(AuthenticationBuilder, IConfiguration, String, String, String, Boolean, String).")]
-#endif
-
+        [RequiresDynamicCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApp(AuthenticationBuilder, IConfiguration, String, String, String, Boolean, String).")]
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebAppAuthentication(
             this IServiceCollection services,
             IConfiguration configuration,
diff --git a/src/Shared/CodeAnalysisAttributes.cs b/src/Shared/CodeAnalysisAttributes.cs
new file mode 100644
index 000000000..cf1b2475c
--- /dev/null
+++ b/src/Shared/CodeAnalysisAttributes.cs
@@ -0,0 +1,175 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+// This file provides polyfills for AOT-related attributes on older target frameworks
+// that don't have them built-in. It is shared across multiple projects via MSBuild linking.
+
+// Suppress public API analyzer warnings for these internal polyfill types
+#pragma warning disable RS0016 // Symbol is not part of the declared public API
+#pragma warning disable RS0036 // Symbol is not part of the declared internal API
+#pragma warning disable RS0051 // Symbol is not part of the declared API
+
+// These attributes are available in .NET 5.0+ but need polyfills for netstandard2.0 and .NET Framework
+#if NETSTANDARD2_0 || NETFRAMEWORK
+
+namespace System.Diagnostics.CodeAnalysis
+{
+    /// <summary>
+    /// Indicates that the specified method requires dynamic access to code that is not referenced statically.
+    /// </summary>
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Method, Inherited = false)]
+    internal sealed class RequiresDynamicCodeAttribute : Attribute
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RequiresDynamicCodeAttribute"/> class.
+        /// </summary>
+        /// <param name="message">A message that contains information about the usage of dynamic code.</param>
+        public RequiresDynamicCodeAttribute(string message)
+        {
+            Message = message;
+        }
+
+        /// <summary>
+        /// Gets a message that contains information about the usage of dynamic code.
+        /// </summary>
+        public string Message { get; }
+
+        /// <summary>
+        /// Gets or sets an optional URL that contains more information about the method.
+        /// </summary>
+        public string? Url { get; set; }
+    }
+
+    /// <summary>
+    /// Indicates that the specified method requires the ability to generate new code at runtime.
+    /// </summary>
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Method, Inherited = false)]
+    internal sealed class RequiresUnreferencedCodeAttribute : Attribute
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RequiresUnreferencedCodeAttribute"/> class.
+        /// </summary>
+        /// <param name="message">A message that contains information about the usage of unreferenced code.</param>
+        public RequiresUnreferencedCodeAttribute(string message)
+        {
+            Message = message;
+        }
+
+        /// <summary>
+        /// Gets a message that contains information about the usage of unreferenced code.
+        /// </summary>
+        public string Message { get; }
+
+        /// <summary>
+        /// Gets or sets an optional URL that contains more information about the method.
+        /// </summary>
+        public string? Url { get; set; }
+    }
+
+    /// <summary>
+    /// Specifies the types of members that are dynamically accessed.
+    /// </summary>
+    [Flags]
+    internal enum DynamicallyAccessedMemberTypes
+    {
+        /// <summary>Specifies no members.</summary>
+        None = 0,
+        /// <summary>Specifies the default, parameterless public constructor.</summary>
+        PublicParameterlessConstructor = 1,
+        /// <summary>Specifies all public constructors.</summary>
+        PublicConstructors = 3,
+        /// <summary>Specifies all non-public constructors.</summary>
+        NonPublicConstructors = 4,
+        /// <summary>Specifies all public methods.</summary>
+        PublicMethods = 8,
+        /// <summary>Specifies all non-public methods.</summary>
+        NonPublicMethods = 16,
+        /// <summary>Specifies all public fields.</summary>
+        PublicFields = 32,
+        /// <summary>Specifies all non-public fields.</summary>
+        NonPublicFields = 64,
+        /// <summary>Specifies all public nested types.</summary>
+        PublicNestedTypes = 128,
+        /// <summary>Specifies all non-public nested types.</summary>
+        NonPublicNestedTypes = 256,
+        /// <summary>Specifies all public properties.</summary>
+        PublicProperties = 512,
+        /// <summary>Specifies all non-public properties.</summary>
+        NonPublicProperties = 1024,
+        /// <summary>Specifies all public events.</summary>
+        PublicEvents = 2048,
+        /// <summary>Specifies all non-public events.</summary>
+        NonPublicEvents = 4096,
+        /// <summary>Specifies all interfaces implemented by the type.</summary>
+        Interfaces = 8192,
+        /// <summary>Specifies all members.</summary>
+        All = -1
+    }
+
+    /// <summary>
+    /// Indicates that certain members on a specified Type are accessed dynamically.
+    /// </summary>
+    [AttributeUsage(
+        AttributeTargets.Field | AttributeTargets.ReturnValue | AttributeTargets.GenericParameter |
+        AttributeTargets.Parameter | AttributeTargets.Property | AttributeTargets.Method |
+        AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Struct,
+        Inherited = false)]
+    internal sealed class DynamicallyAccessedMembersAttribute : Attribute
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DynamicallyAccessedMembersAttribute"/> class.
+        /// </summary>
+        /// <param name="memberTypes">The types of members dynamically accessed.</param>
+        public DynamicallyAccessedMembersAttribute(DynamicallyAccessedMemberTypes memberTypes)
+        {
+            MemberTypes = memberTypes;
+        }
+
+        /// <summary>
+        /// Gets the <see cref="DynamicallyAccessedMemberTypes"/> which specifies the type of members dynamically accessed.
+        /// </summary>
+        public DynamicallyAccessedMemberTypes MemberTypes { get; }
+    }
+
+    /// <summary>
+    /// Suppresses reporting of a specific rule violation, allowing multiple suppressions on a single code artifact.
+    /// </summary>
+    [AttributeUsage(AttributeTargets.All, Inherited = false, AllowMultiple = true)]
+    internal sealed class UnconditionalSuppressMessageAttribute : Attribute
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UnconditionalSuppressMessageAttribute"/> class.
+        /// </summary>
+        /// <param name="category">The category for the attribute.</param>
+        /// <param name="checkId">The identifier of the analysis tool rule to be suppressed.</param>
+        public UnconditionalSuppressMessageAttribute(string category, string checkId)
+        {
+            Category = category;
+            CheckId = checkId;
+        }
+
+        /// <summary>Gets the category identifying the classification of the attribute.</summary>
+        public string Category { get; }
+
+        /// <summary>Gets the identifier of the analysis tool rule to be suppressed.</summary>
+        public string CheckId { get; }
+
+        /// <summary>Gets or sets the scope of the code that is relevant for the attribute.</summary>
+        public string? Scope { get; set; }
+
+        /// <summary>Gets or sets a fully qualified path that represents the target of the attribute.</summary>
+        public string? Target { get; set; }
+
+        /// <summary>Gets or sets an optional argument expanding on exclusion criteria.</summary>
+        public string? MessageId { get; set; }
+
+        /// <summary>Gets or sets the justification for suppressing the code analysis message.</summary>
+        public string? Justification { get; set; }
+    }
+}
+
+#pragma warning restore RS0016
+#pragma warning restore RS0036
+#pragma warning restore RS0051
+
+#endif
diff --git a/tests/Microsoft.Identity.Web.AotCompatibility.TestApp/Microsoft.Identity.Web.AotCompatibility.TestApp.csproj b/tests/Microsoft.Identity.Web.AotCompatibility.TestApp/Microsoft.Identity.Web.AotCompatibility.TestApp.csproj
index 8c5d74a53..cd3c7e41b 100644
--- a/tests/Microsoft.Identity.Web.AotCompatibility.TestApp/Microsoft.Identity.Web.AotCompatibility.TestApp.csproj
+++ b/tests/Microsoft.Identity.Web.AotCompatibility.TestApp/Microsoft.Identity.Web.AotCompatibility.TestApp.csproj
@@ -1,5 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  
+
   <PropertyGroup>
     <TargetFrameworks>net9.0</TargetFrameworks>
     <TargetFrameworks Condition="'$(TargetNetNext)'== 'True'">$(TargetFrameworks); net10.0</TargetFrameworks>
@@ -11,6 +11,12 @@
     <IsPackable>false</IsPackable>
   </PropertyGroup>
 
+  <!-- Generates extra info for https://github.com/MichalStrehovsky/sizoscope to read. Useful for debugging warnings since it tells you where each item came from.-->
+  <PropertyGroup>
+    <IlcGenerateMstatFile>true</IlcGenerateMstatFile>
+    <IlcGenerateDgmlFile>true</IlcGenerateDgmlFile>
+  </PropertyGroup>
+
   <ItemGroup>
 
     <TrimmerRootAssembly Include="Microsoft.Identity.Web"/>
@@ -23,14 +29,16 @@
     <TrimmerRootAssembly Include="Microsoft.Identity.Web.GraphServiceClientBeta"/>
 
     <!--
-    <TrimmerRootAssembly Include="Microsoft.Identity.Web.MicrosoftGraph"/>    
+    <TrimmerRootAssembly Include="Microsoft.Identity.Web.MicrosoftGraph"/>
     <TrimmerRootAssembly Include="Microsoft.Identity.Web.MicrosoftGraphBeta"/>
     <TrimmerRootAssembly Include="Microsoft.Identity.Web.OWIN"/>-->
 
     <TrimmerRootAssembly Include="Microsoft.Identity.Web.TokenAcquisition"/>
     <TrimmerRootAssembly Include="Microsoft.Identity.Web.TokenCache"/>
-    <TrimmerRootAssembly Include="Microsoft.Identity.Web.UI"/>
-    
+
+    <!-- This library references Razor + ASP.NET MVC, which are not AOT-compatible. -->
+    <!-- <TrimmerRootAssembly Include="Microsoft.Identity.Web.UI"/> -->
+
     <TrimmerRootAssembly Update="@(TrimmerRootAssembly)" Path="..\..\src\%(Identity)\%(Identity).csproj" />
     <ProjectReference Include="@(TrimmerRootAssembly->'%(Path)')" />
   </ItemGroup>