Open
Labels: needs attention, public-client, untriaged
Description
Library version used
Visual Studio 2022
.NET version
.NET Framework 4.8
Scenario
PublicClient - desktop app
Is this a new or an existing app?
The app is in production, and I have upgraded to a new version of MSAL
Issue description and reproduction steps
Issue Summary
- Authentication to Azure DevOps Services (Org: SageDE‑SMB) fails on Windows 11 Enterprise 24H2 devices when not connected to VPN.
- Error: BrowserFlowException: SP324098 – Your browser could not complete the operation.
- Browser authentication works, but WAM / non‑browser authentication fails.
- Affected devices are Hybrid Azure AD Joined with TPM‑protected device keys.
- Devices using software‑based keys authenticate normally.
- Issue began around January 24, 2026.
Preliminary Observations
- The SP324098 error indicates a failure in the browser‑based flow invoked by WAM or other non‑browser sign‑in methods.
- The behavior reproduces on newly built Windows 11 VMs but not on upgraded ones, suggesting a possible interaction between TPM‑protected keys and the authentication flow. Windows 10 joined and upgraded machines work fine.
Relevant code snippets
var tfsProjectCollection = Microsoft.TeamFoundation.Client.TfsTeamProjectCollectionFactory.GetTeamProjectCollection(serverUri);
Expected behavior
Should sign in without any issues after completing the authentication dialog
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No workaround found for the moment