deps: Bump Azure.Identity and 12 others

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Updated Azure.Identity from 1.16.0 to 1.19.0.

Release notes

Sourced from Azure.Identity's releases.

1.19.0

1.19.0 (2026-03-11)

Features Added

• Added support in ClientCertificateCredential to specify a path in the form of cert:/StoreLocation/StoreName/Thumbprint to refer to a certificate in the platform certificate store - such as the Windows Certificate Store on Windows, and the KeyChain on MacOS - instead of a file on disk. For example to load a certificate from the "My" store in the "CurrentUser" location use the path cert:/CurrentUser/My/E661583E8FABEF4C0BEF694CBC41C28FB81CD870 (A community contribution, courtesy of fowl2).

Other Changes

• Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

1.18.0

1.18.0 (2026-02-25)

Features Added

• Added experimental Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. For details, see the Configuration and Dependency Injection documentation.

• The WorkloadIdentityCredentialOptions.IsAzureProxyEnabled property, which enables Azure Kubernetes token proxy mode, is only available in beta releases of this package.

• AzureDeveloperCliCredential now parses JSON error output from azd auth token to extract clean error messages instead of including raw JSON in exceptions. Error messages like {"type":"consoleMessage","data":{"message":"ERROR: fetching token: ..."}} are now displayed as ERROR: fetching token: ....

1.18.0-beta.3

1.18.0-beta.3 (2026-02-20)

Breaking Changes

• Renamed WorkloadIdentityCredentialOptions.IsAzureKubernetesTokenProxyEnabled to IsAzureProxyEnabled to follow .NET naming conventions for boolean properties.

Bugs Fixed

• Fixed a NullReferenceException that occurred during X509Chain validation on Linux when using the Identity Bindings feature.

• Disabled MSAL's internal retry logic for ConfidentialClientApplication and PublicClientApplication to prevent double retries when combined with Azure SDK's retry policy. Only the configured Azure SDK retry policy is applied, avoiding unexpected additional retry attempts.

Commits viewable in compare view.

Updated Azure.Identity from 1.17.1 to 1.19.0.

Release notes

Sourced from Azure.Identity's releases.

1.19.0

1.19.0 (2026-03-11)

Features Added

• Added support in ClientCertificateCredential to specify a path in the form of cert:/StoreLocation/StoreName/Thumbprint to refer to a certificate in the platform certificate store - such as the Windows Certificate Store on Windows, and the KeyChain on MacOS - instead of a file on disk. For example to load a certificate from the "My" store in the "CurrentUser" location use the path cert:/CurrentUser/My/E661583E8FABEF4C0BEF694CBC41C28FB81CD870 (A community contribution, courtesy of fowl2).

Other Changes

• Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

1.18.0

1.18.0 (2026-02-25)

Features Added

• Added experimental Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. For details, see the Configuration and Dependency Injection documentation.

• The WorkloadIdentityCredentialOptions.IsAzureProxyEnabled property, which enables Azure Kubernetes token proxy mode, is only available in beta releases of this package.

• AzureDeveloperCliCredential now parses JSON error output from azd auth token to extract clean error messages instead of including raw JSON in exceptions. Error messages like {"type":"consoleMessage","data":{"message":"ERROR: fetching token: ..."}} are now displayed as ERROR: fetching token: ....

1.18.0-beta.3

1.18.0-beta.3 (2026-02-20)

Breaking Changes

• Renamed WorkloadIdentityCredentialOptions.IsAzureKubernetesTokenProxyEnabled to IsAzureProxyEnabled to follow .NET naming conventions for boolean properties.

Bugs Fixed

• Fixed a NullReferenceException that occurred during X509Chain validation on Linux when using the Identity Bindings feature.

• Disabled MSAL's internal retry logic for ConfidentialClientApplication and PublicClientApplication to prevent double retries when combined with Azure SDK's retry policy. Only the configured Azure SDK retry policy is applied, avoiding unexpected additional retry attempts.

Commits viewable in compare view.

Updated Azure.ResourceManager from 1.13.2 to 1.14.0.

Release notes

Sourced from Azure.ResourceManager's releases.

1.14.0

1.14.0 (2026-02-26)

Features Added

• Bumped api-version of ManagementGroup to 2023-04-01.

Bugs Fixed

• Fixed ArgumentNullException when deserializing ManagedServiceIdentity with null or empty type property value.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Configuration's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Abstractions from 9.0.12 to 10.0.3.

Release notes

Sourced from Microsoft.Extensions.Configuration.Abstractions's releases.

10.0.0-preview.6.25358.103

You can build .NET 10.0 Preview 6 from the repository by cloning the release tag v10.0.0-preview.6.25358.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.5.25277.114

You can build .NET 10.0 Preview 5 from the repository by cloning the release tag v10.0.0-preview.5.25277.114 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.4.25258.110

You can build .NET 10.0 Preview 4 from the repository by cloning the release tag v10.0.0-preview.4.25258.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.3.25171.5

You can build .NET 10.0 Preview 3 from the repository by cloning the release tag v10.0.0-preview.3.25171.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.2.25163.2

You can build .NET 10.0 Preview 2 from the repository by cloning the release tag v10.0.0-preview.2.25163.2 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.1.25080.5

You can build .NET 10.0 Preview 1 from the repository by cloning the release tag v10.0.0-preview.1.25080.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.115

You can build .NET 9.0 from the repository by cloning the release tag v9.0.115 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.114

You can build .NET 9.0 from the repository by cloning the release tag v9.0.114 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached is the PGP signature for the GitHub generated tarball. You can find the public key at https://dot.net/release-key-2023

9.0.113

You can build .NET 9.0 from the repository by cloning the release tag v9.0.113 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.112

You can build .NET 9.0 from the repository by cloning the release tag v9.0.112 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.111

You can build .NET 9.0 from the repository by cloning the release tag v9.0.111 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.110

You can build .NET 9.0 from the repository by cloning the release tag v9.0.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.109

You can build .NET 9.0 from the repository by cloning the release tag v9.0.109 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.101

You can build .NET 9.0 from the repository by cloning the release tag v9.0.101 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Abstractions from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.Extensions.Configuration.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Json from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Configuration.Json's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection.Abstractions from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection.Abstractions's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Hosting's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Logging's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 9.0.12 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

9.0.14

Release

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.77.1 to 4.83.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.83.1

Bug Fixes

• Fixed IMDS endpoint cache not being reset during test cleanup [Bug] ImdsManagedIdentitySource.s_cachedBaseEndpoint was never cleared by ApplicationBase.ResetStateForTest() AzureAD/microsoft-authentication-library-for-dotnet#5830

4.83.0

New Features

• Agent Skills: Added Agent Skills catalog with complete coverage of both Confidential Client Authentication and mTLS PoP flows #​5733
• mTLS PoP Skills Guide: Added comprehensive guide for GitHub Copilot Chat covering MSAL.NET authentication, mTLS Proof of Possession, and Federated Identity Credentials #​5790

Changes

• Credential Guard Attestation: Integrated native DLL handling for Credential Guard attestation with centralized versioning #​5674

Bug Fixes

• IMDSv2 mTLS Auto-Recovery: Implemented automatic recovery from SCHANNEL handshake failures by evicting cached certificates and re-minting #​5761
• Managed Identity Fallback Behavior: Restored classic fallback behavior in MSAL MI unless GetManagedIdentitySourceAsync() is explicitly invoked #​5815
• Attestation Token Expiration: Exposed expires_on field in attestation tokens for better token lifecycle management #​5741
• Service Fabric API Version: Updated Service Fabric managed identity API version from 2019-07-01-preview to 2020-05-01 #​5781
• Cached Token Validation: Enhanced ValidateCachedTokenAsync to work properly with multiple APIs beyond the initial scope #​5764
• Client Credentials Tenant ID: Updated result to properly pass tenant ID in client credentials flow #​5754
• Experimental Flag Removal: Removed experimental flag requirement from IAuthenticationOperation and WithAuthenticationExtension #​5699
• OpenTelemetry Exception Handling: Expanded OTel exception handling for Azure Functions compatibility #​5720
• ICustomWebUi Security Warning: Added security warnings to ICustomWebUi documentation #​5704

Infrastructure & Dependencies

• GitHub Actions Workflow: Added GitHub Actions workflow for Managed Identity WebAPI automated build and deployment to Azure #​5751
• .NET SDK Security Update: Updated .NET SDK from version 8.0.415 to 8.0.418 to address high severity security vulnerabilities #​5779 #​5783

4.82.1

Bug Fixes

• Remove experimental flag requirement from IAuthenticationOperation #​5699
• Add security warning to ICustomWebUi documentation #​5704

Changes

• Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

• Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
• Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
• Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
• mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
• System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

• Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

4.81.0

What's Changed

• Expose API SendX5C from ROPC CCA flow by @​neha-bhargava in Expose API SendX5C from ROPC CCA flow AzureAD/microsoft-authentication-library-for-dotnet#5635
• Refactor and simplify Microsoft.Identity.Test.LabInfrastructure by @​Avery-Dunn in Refactor and simplify Microsoft.Identity.Test.LabInfrastructure AzureAD/microsoft-authentication-library-for-dotnet#5631
• Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data by @​Copilot in Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data AzureAD/microsoft-authentication-library-for-dotnet#5642

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.80.0...4.81.0

4.80.0

Features

• Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #​5573
• Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #​5376
• Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #​5567

Changes

• IMDS Source Detection Logic Improvement #​5602
• Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #​5541

Bug Fixes

• Fix KeyNotFoundException during retry when headers lack correlation ID #​5617
• Implement Service Exception for IMDS Probe #​5615

4.79.2

What's Changed

• Bump winsdk dependency by @​bgavrilMS in Bump winsdk dependency AzureAD/microsoft-authentication-library-for-dotnet#5575
• ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @​Robbie-Microsoft in ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used AzureAD/microsoft-authentication-library-for-dotnet#5579
• Downgrade System.Formats.Asn1 to match ID web by @​Avery-Dunn in Downgrade System.Formats.Asn1 to match ID web AzureAD/microsoft-authentication-library-for-dotnet#5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

4.79.0

What's Changed

• Fix instance discovery bug 5546 by @​bgavrilMS in Fix instance discovery bug 5546 AzureAD/microsoft-authentication-library-for-dotnet#5549
• Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) by @​Robbie-Microsoft in Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) AzureAD/microsoft-authentication-library-for-dotnet#5501
• Bearer Requests should Fallback to IMDS in Preview by @​gladjohn in Bearer Requests should Fallback to IMDS in Preview  AzureAD/microsoft-authentication-library-for-dotnet#5562
• Updating MSAL to send client info = 2 on client credential flow by @​trwalke in Updating MSAL to send client info = 2 on client credential flow AzureAD/microsoft-authentication-library-for-dotnet#5529
• Make IMsalMtlsHttpClientFactory interface public by @​cpp11nullptr in Make IMsalMtlsHttpClientFactory interface public AzureAD/microsoft-authentication-library-for-dotnet#5559
• Mark WithClientAssertion API as experimental by @​gladjohn in Mark WithClientAssertion API as experimental AzureAD/microsoft-authentication-library-for-dotnet#5551
• Adjust WithExtraQueryParameters APIs and cache key behavior by @​Avery-Dunn in Adjust WithExtraQueryParameters APIs and cache key behavior AzureAD/microsoft-authentication-library-for-dotnet#5536

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.78.0...4.79.0

4.78.0

Changes

• Update SDK version from 8.0.404 to 8.0.415. #​5543
• Hide / deprecate some obscure APIs. #​5484

Bug Fixes

• Support Android edge-to-edge. #​5499
• Android broker does not support ADFS authority. #​5522

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.78.0 to 4.83.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.83.1

Bug Fixes

• Fixed IMDS endpoint cache not being reset during test cleanup [Bug] ImdsManagedIdentitySource.s_cachedBaseEndpoint was never cleared by ApplicationBase.ResetStateForTest() AzureAD/microsoft-authentication-library-for-dotnet#5830

4.83.0

New Features

• Agent Skills: Added Agent Skills catalog with complete coverage of both Confidential Client Authentication and mTLS PoP flows #​5733
• mTLS PoP Skills Guide: Added comprehensive guide for GitHub Copilot Chat covering MSAL.NET authentication, mTLS Proof of Possession, and Federated Identity Credentials #​5790

Changes

• Credential Guard Attestation: Integrated native DLL handling for Credential Guard attestation with centralized versioning #​5674

Bug Fixes

• IMDSv2 mTLS Auto-Recovery: Implemented automatic recovery from SCHANNEL handshake failures by evicting cached certificates and re-minting #​5761
• Managed Identity Fallback Behavior: Restored classic fallback behavior in MSAL MI unless GetManagedIdentitySourceAsync() is explicitly invoked #​5815
• Attestation Token Expiration: Exposed expires_on field in attestation tokens for better token lifecycle management #​5741
• Service Fabric API Version: Updated Service Fabric managed identity API version from 2019-07-01-preview to 2020-05-01 #​5781
• Cached Token Validation: Enhanced ValidateCachedTokenAsync to work properly with multiple APIs beyond the initial scope #​5764
• Client Credentials Tenant ID: Updated result to properly pass tenant ID in client credentials flow #​5754
• Experimental Flag Removal: Removed experimental flag requirement from IAuthenticationOperation and WithAuthenticationExtension #​5699
• OpenTelemetry Exception Handling: Expanded OTel exception handling for Azure Functions compatibility #​5720
• ICustomWebUi Security Warning: Added security warnings to ICustomWebUi documentation #​5704

Infrastructure & Dependencies

• GitHub Actions Workflow: Added GitHub Actions workflow for Managed Identity WebAPI automated build and deployment to Azure #​5751
• .NET SDK Security Update: Updated .NET SDK from version 8.0.415 to 8.0.418 to address high severity security vulnerabilities #​5779 #​5783

4.82.1

Bug Fixes

• Remove experimental flag requirement from IAuthenticationOperation #​5699
• Add security warning to ICustomWebUi documentation #​5704

Changes

• Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

• Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
• Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
• Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
• mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
• System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

• Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

4.81.0

What's Changed

• Expose API SendX5C from ROPC CCA flow by @​neha-bhargava in Expose API SendX5C from ROPC CCA flow AzureAD/microsoft-authentication-library-for-dotnet#5635
• Refactor and simplify Microsoft.Identity.Test.LabInfrastructure by @​Avery-Dunn in Refactor and simplify Microsoft.Identity.Test.LabInfrastructure AzureAD/microsoft-authentication-library-for-dotnet#5631
• Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data by @​Copilot in Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data AzureAD/microsoft-authentication-library-for-dotnet#5642

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.80.0...4.81.0

4.80.0

Features

• Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #​5573
• Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #​5376
• Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #​5567

Changes

• IMDS Source Detection Logic Improvement #​5602
• Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #​5541

Bug Fixes

• Fix KeyNotFoundException during retry when headers lack correlation ID #​5617
• Implement Service Exception for IMDS Probe #​5615

4.79.2

What's Changed

• Bump winsdk dependency by @​bgavrilMS in Bump winsdk dependency AzureAD/microsoft-authentication-library-for-dotnet#5575
• ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @​Robbie-Microsoft in ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used AzureAD/microsoft-authentication-library-for-dotnet#5579
• Downgrade System.Formats.Asn1 to match ID web by @​Avery-Dunn in Downgrade System.Formats.Asn1 to match ID web AzureAD/microsoft-authentication-library-for-dotnet#5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

4.79.0

What's Changed

• Fix instance discovery bug 5546 by @​bgavrilMS in Fix instance discovery bug 5546 AzureAD/microsoft-authentication-library-for-dotnet#5549
• Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) by @​Robbie-Microsoft in Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) AzureAD/microsoft-authentication-library-for-dotnet#5501
• Bearer Requests should Fallback to IMDS in Preview by @​gladjohn in Bearer Requests should Fallback to IMDS in Preview  AzureAD/microsoft-authentication-library-for-dotnet#5562
• Updating MSAL to send client info = 2 on client credential flow by @​trwalke in Updating MSAL to send client info = 2 on client credential flow AzureAD/microsoft-authentication-library-for-dotnet#5529
• Make IMsalMtlsHttpClientFactory interface public by @​cpp11nullptr in Make IMsalMtlsHttpClientFactory interface public AzureAD/microsoft-authentication-library-for-dotnet#5559
• Mark WithClientAssertion API as experimental by @​gladjohn in Mark WithClientAssertion API as experimental AzureAD/microsoft-authentication-library-for-dotnet#5551
• Adjust WithExtraQueryParameters APIs and cache key behavior by @​Avery-Dunn in Adjust WithExtraQueryParameters APIs and cache key behavior AzureAD/microsoft-authentication-library-for-dotnet#5536

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.78.0...4.79.0

Commits viewable in compare view.

Updated Microsoft.NET.ILLink.Tasks from 8.0.23 to 8.0.25.

Release notes

Sourced from Microsoft.NET.ILLink.Tasks's releases.

8.0.25

Release

8.0.24

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/arcade dotnet/runtime#122558
• [release/8.0] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/cecil dotnet/runtime#122089
• [release/8.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/emsdk dotnet/runtime#122507
• Update branding to 8.0.24 by @​vseanreesermsft in Update branding to 8.0.24 dotnet/runtime#122887
• Revert "[release/8.0] Update dependencies from dotnet/arcade" by @​jozkee in Revert "[release/8.0] Update dependencies from dotnet/arcade" dotnet/runtime#122943
• [release/8.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/emsdk dotnet/runtime#122746
• Merging internal commits for release/8.0 by @​vseanreesermsft in Merging internal commits for release/8.0 dotnet/runtime#123150
• [manual] Merge release/8.0-staging into release/8.0 by @​jeffhandley in [manual] Merge release/8.0-staging into release/8.0 dotnet/runtime#123114
• [release/8.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/emsdk dotnet/runtime#123185

Full Changelog: dotnet/runtime@v8.0.23...v8.0.24

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.3.0

What's Changed

• Fix answer file splitting by @​nohwnd in Fix answer file splitting microsoft/vstest#15306

Internal fixes and updates

• Bump branding to 18.1 by @​nohwnd in Bump branding to 18.1 microsoft/vstest#15286
• Remove stale copy of S.ComponentModel.Composition from testplatform packages by @​ViktorHofer in Remove stale copy of S.ComponentModel.Composition from testplatform packages microsoft/vstest#15287
• Update codeflow metadata to fix backflow by @​premun in Update codeflow metadata to fix backflow microsoft/vstest#15291
• [main] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [main] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15283
• Update Microsoft.Build.Utilities.Core by @​Youssef1313 in Update Microsoft.Build.Utilities.Core microsoft/vstest#15300
• Disable DynamicNative instrumentation by default by @​nohwnd in Disable DynamicNative instrumentation by default microsoft/vstest#15299
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15293
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15302
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15314
• Delete sha1 custom implementation we are not using for a long time by @​nohwnd in Delete sha1 custom implementation we are not using for a long time microsoft/vstest#15313
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15315
• Update branding to 18.3.0 by @​nohwnd in Update branding to 18.3.0 microsoft/vstest#15321
• [main] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [main] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15325
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15264
• Revert adding dotnet_host_path workaround by @​nohwnd in Revert adding dotnet_host_path workaround microsoft/vstest#15328
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15338
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15322
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15343
• Change PreReleaseVersionLabel from 'preview' to 'release' by @​nohwnd in Change PreReleaseVersionLabel from 'preview' to 'release' microsoft/vstest#15352
• [rel/18.3] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15354
• [rel/18.3] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from dotnet/arcade microsoft/vstest#15389
• [rel/18.3] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from dotnet/arcade microsoft/vstest#15400
• Update build tools to 17.11.48 to be source buildable by @​nohwnd in Update build tools to 17.11.48 to be source buildable microsoft/vstest#15310
• Disable publishing on RTM by @​nohwnd in Disable publishing on RTM microsoft/vstest#15296
• Don't access nuget.org for package feeds by @​nohwnd in Don't access nuget.org for package feeds microsoft/vstest#15316
• No nuget access fix tests by @​nohwnd in No nuget access fix tests microsoft/vstest#15317
• Disable Dependabot updates in dependabot.yml by @​mmitche in Disable Dependabot updates in dependabot.yml microsoft/vstest#15324

New Contributors

• @​premun made their first contribution in Update codeflow metadata to fix backflow microsoft/vstest#15291

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions