AzureAD · neha-bhargava · Jun 19, 2026 · Jun 19, 2026
@@ -11,6 +11,7 @@
 
 ### Behavior changes
 - **B2C OpenID Connect event handler: LRU cache for issuer address.** Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See [#3821](https://github.com/AzureAD/microsoft-identity-web/pull/3821).
+- **MSAL logs are now emitted as structured logs.** `TokenAcquisition` and `ManagedIdentityClientAssertion` now route MSAL's internal logging through `IdentityLoggerAdapter` (the `IIdentityLogger` overload) instead of the legacy `LogCallback`, so MSAL log entries flow through `ILogger` with their original log level instead of being flattened into a single unstructured message. See [#3820](https://github.com/AzureAD/microsoft-identity-web/issues/3820).
 
 ### Dependencies updates
 - Update MSAL.NET to 4.84.1. See [#3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).

@@ -12,6 +12,7 @@
 using Microsoft.Identity.Client.KeyAttestation;
 using Microsoft.Identity.Web.Certificateless;
 using Microsoft.Identity.Web.TestOnly;
+using Microsoft.IdentityModel.LoggingExtensions;
 
 namespace Microsoft.Identity.Web
 {
@@ -98,7 +99,7 @@ internal ManagedIdentityClientAssertion(
 
             if (_logger != null)
             {
-                builder = builder.WithLogging(Log, ConvertMicrosoftExtensionsLogLevelToMsal(_logger), enablePiiLogging: false);
+                builder = builder.WithLogging(new IdentityLoggerAdapter(_logger), enablePiiLogging: false);
                 _logger.LogInformation($"ManagedIdentityClientAssertion with tokenExchangeUrl={_tokenExchangeUrl}");
             }
 
@@ -195,61 +196,5 @@ private async Task<AuthenticationResult> AcquireManagedIdentityTokenAsync(
                 .ConfigureAwait(false);
         }
 
-        private void Log(
-          Client.LogLevel level,
-          string message,
-          bool containsPii)
-        {
-            if (_logger == null)
-            {
-                return;
-            }
-
-            switch (level)
-            {
-                case Client.LogLevel.Always:
-                    _logger.LogInformation(message);
-                    break;
-                case Client.LogLevel.Error:
-                    _logger.LogError(message);
-                    break;
-                case Client.LogLevel.Warning:
-                    _logger.LogWarning(message);
-                    break;
-                case Client.LogLevel.Info:
-                    _logger.LogInformation(message);
-                    break;
-                case Client.LogLevel.Verbose:
-                    _logger.LogDebug(message);
-                    break;
-            }
-        }
-
-        private Client.LogLevel? ConvertMicrosoftExtensionsLogLevelToMsal(ILogger logger)
-        {
-            if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Debug)
-                || logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Trace))
-            {
-                return Client.LogLevel.Verbose;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Information))
-            {
-                return Client.LogLevel.Info;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Warning))
-            {
-                return Client.LogLevel.Warning;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Error)
-                || logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Critical))
-            {
-                return Client.LogLevel.Error;
-            }
-            else
-            {
-                return null;
-            }
-        }
-
     }
 }
@@ -21,6 +21,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsVersion)" />
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens " Version="$(MicrosoftIdentityModelVersion)" />
+    <PackageReference Include="Microsoft.IdentityModel.LoggingExtensions" Version="$(MicrosoftIdentityModelVersion)" />
     <PackageReference Include="Microsoft.Identity.Client" Version="$(MicrosoftIdentityClientVersion)" />
     <PackageReference Include="Microsoft.Identity.Client.KeyAttestation" Version="$(MicrosoftIdentityClientKeyAttestationVersion)" />
   </ItemGroup>

@@ -10,6 +10,7 @@
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.AppConfig;
 using Microsoft.Identity.Web.TestOnly;
+using Microsoft.IdentityModel.LoggingExtensions;
 using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Identity.Web
@@ -101,8 +102,7 @@ private IManagedIdentityApplication BuildManagedIdentityApplication(
             ManagedIdentityApplicationBuilder miBuilder = ManagedIdentityApplicationBuilder
                 .Create(managedIdentityId)
                 .WithLogging(
-                    Log,
-                    ConvertMicrosoftExtensionsLogLevelToMsal(_logger),
+                    new IdentityLoggerAdapter(_logger),
                     enablePiiLogging: enablePiiLogging);
 
             if (capabilities?.Any() == true)

@@ -27,6 +27,7 @@
 using Microsoft.Identity.Web.TokenCacheProviders;
 using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
 using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.LoggingExtensions;
 using Microsoft.IdentityModel.Tokens;
 
 namespace Microsoft.Identity.Web
@@ -1124,8 +1125,7 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic
                         .CreateWithApplicationOptions(mergedOptions.ConfidentialClientApplicationOptions)
                         .WithHttpClientFactory(_httpClientFactory)
                         .WithLogging(
-                            Log,
-                            ConvertMicrosoftExtensionsLogLevelToMsal(_logger),
+                            new IdentityLoggerAdapter(_logger),
                             enablePiiLogging: mergedOptions.ConfidentialClientApplicationOptions.EnablePiiLogging)
                         .WithExperimentalFeatures();
 
@@ -1673,57 +1673,6 @@ public string GetEffectiveAuthenticationScheme(string? authenticationScheme)
             return _tokenAcquisitionHost.GetEffectiveAuthenticationScheme(authenticationScheme);
         }
 
-        private void Log(
-          Client.LogLevel level,
-          string message,
-          bool containsPii)
-        {
-            switch (level)
-            {
-                case Client.LogLevel.Always:
-                    _logger.LogInformation(message);
-                    break;
-                case Client.LogLevel.Error:
-                    _logger.LogError(message);
-                    break;
-                case Client.LogLevel.Warning:
-                    _logger.LogWarning(message);
-                    break;
-                case Client.LogLevel.Info:
-                    _logger.LogInformation(message);
-                    break;
-                case Client.LogLevel.Verbose:
-                    _logger.LogDebug(message);
-                    break;
-            }
-        }
-
-        private Client.LogLevel? ConvertMicrosoftExtensionsLogLevelToMsal(ILogger logger)
-        {
-            if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Debug)
-                || logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Trace))
-            {
-                return Client.LogLevel.Verbose;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Information))
-            {
-                return Client.LogLevel.Info;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Warning))
-            {
-                return Client.LogLevel.Warning;
-            }
-            else if (logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Error)
-                || logger.IsEnabled(Microsoft.Extensions.Logging.LogLevel.Critical))
-            {
-                return Client.LogLevel.Error;
-            }
-            else
-            {
-                return null;
-            }
-        }
-
         /// <summary>
         /// Temporary. Replace with Builder.WithClientAssertion when MSAL.NET supports it.
         /// </summary>