Document browser cache fix for Setup Wizard MSAL auth failures post-upgrade

[Copilot]

Setup Wizard fails with UserNotLoggedIn/AADSTS500113/untrusted_authority errors after upgrading to Core 4.50.8. Root cause: browsers cache stale MSAL tokens that become invalid when Canvas app auth config changes during solution upgrade. Platform behavior, not a Kit defect.

Solution

Documentation-only fix. Primary resolution (95% success): clear browser cache completely (Ctrl+Shift+Delete → All time → cookies + cached files → restart browser).

Changes

New documentation

• docs/TROUBLESHOOTING-SETUP-WIZARD-AUTHENTICATION.md - Comprehensive guide with 10 progressive solutions (browser cache, InPrivate test, republish app, connection refs, DLP policies, etc.)
• docs/QUICKREF-SETUP-WIZARD-AUTH-ERROR.md - One-page quick reference with immediate fix
• docs/ISSUE-RESPONSE-SETUP-WIZARD-AUTHENTICATION.md - Maintainer response template for GitHub issues

Updated documentation

• CenterofExcellenceResources/TROUBLESHOOTING-SETUP-WIZARD.md - Added auth error section
• TROUBLESHOOTING-UPGRADES.md - Added as common post-upgrade issue
• CenterofExcellenceCoreComponents/README.md - Added to common issues
• docs/README.md - Updated index
• docs/issue-response-templates.md - Added template reference

Analysis artifacts

• ISSUE-ANALYSIS-SETUP-WIZARD-AUTH.md - Root cause deep dive
• IMPLEMENTATION-SUMMARY.md - Implementation details
• SOLUTION-SUMMARY.md - User-facing summary

All troubleshooting docs cross-reference via multiple entry points for discoverability.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[CoE Starter Kit - BUG] ISSUE TITLE</issue_title>
<issue_description>### Does this bug already exist in our backlog?

• I have checked and confirm this is a new bug.

Describe the issue

We have performed the upgrade but getting error.

Please refer: [CoE Starter Kit - BUG] ISSUE TITLE #10781

Expected Behavior

No response

What solution are you experiencing the issue with?

Core

What solution version are you using?

4.50.8

What app or flow are you having the issue with?

COE setup and upgrade wizard

What method are you using to get inventory and telemetry?

None

Steps To Reproduce

No response

Anything else?

No response</issue_description>

<agent_instructions>Analyze why the CoE Setup and Upgrade Wizard (Core 4.50.8) fails to open after upgrade and shows the ‘Can’t Sign In’ authentication error (AADSTS500113 / invalid‑redirect‑URI). Analyze the root cause and provide exact troubleshooting steps to resolve it. Consider issues with redirect URLs, Azure AD app registration settings, updated environment URLs, and any required changes after upgrading to 4.50.8. Provide a clear, actionable fix</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@harini-2-y Hi @mahesh-watkar , Hi, Thank you for the update. Since the issue persists even after upgrading and clearing your browser session, please follow the main steps below. These steps address the actual cause of the UserNotLoggedIn / untrusted authority error.

Step 1 — Try opening the app from a different network
Please try one of the following:
Connect using a mobile hotspot
Try from home Wi‑Fi
Turn VPN off and retry
If the app works on another network, the issue is caused by your corporate network, proxy, or VPN.

Step 2 — Disable browser extensions and retry
Please disable the following extensions (if enabled):
Ad blockers
Privacy/security extensions
Zscaler / Netskope browser plugin
Script blockers
Password manager extensions
Then open the app again in an InPrivate / Incognito window.

Step 3 — Use a personal browser profile
Please test using:
Microsoft Edge → Personal profile
Google Chrome → Personal profile
(Instead of a company‑managed browser profile.)

Step 4 — Ask your network/security team to whitelist Microsoft authentication URLs
Please share the list below with your network/security team and request that these URLs be whitelisted:
https://.powerapps.com
https://.dynamics.com
https://login.microsoftonline.com
https://login.microsoft.com
https://*.msauth.net
If these are blocked, intercepted, or inspected by a proxy/VPN (e.g., Zscaler, Netskope, Fortigate, Palo Alto), the app will show the “untrusted authority” error.

Step 5 — Share diagnostic IDs if the issue continues
Please provide:
Session ID
Activity ID
Timestamp
These help identify which authentication authority is being blocked.</comment_new>

• Fixes [CoE Starter Kit - BUG] ISSUE TITLE #10817

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.