From e8763c4771222ac3c06ea9d53a1af0a2b3cb99a8 Mon Sep 17 00:00:00 2001
From: Yeming Liu <yeliu@microsoft.com>
Date: Thu, 3 Jul 2025 18:02:20 +1000
Subject: [PATCH 1/2] Refine error message about MFA

---
 src/Accounts/Accounts/ChangeLog.md            |   1 +
 .../Accounts/CommonModule/ContextAdapter.cs   |   5 +-
 .../IClaimsChallengeProcessor.cs              |   2 +-
 .../Authentication/ClaimsChallengeHandler.cs  |  13 +-
 src/Accounts/Authentication/MFA.dgml          | 435 ++++++++++++++++++
 .../Utilities/ClaimsChallengeUtilities.cs     |  53 ++-
 .../Authenticators/MsalAccessToken.cs         |  12 +
 7 files changed, 506 insertions(+), 15 deletions(-)
 create mode 100644 src/Accounts/Authentication/MFA.dgml

diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
index 0a826675688b..24432ad4eaf2 100644
--- a/src/Accounts/Accounts/ChangeLog.md
+++ b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Refined the error message when a cmdlet fails because of policy violations about Multi-Factor Authentication (MFA) to provide more actionable guidance.
 
 ## Version 5.1.1
 * Updated the date in the message about multi-factor authentication (MFA). For more details, see https://go.microsoft.com/fwlink/?linkid=2276971
diff --git a/src/Accounts/Accounts/CommonModule/ContextAdapter.cs b/src/Accounts/Accounts/CommonModule/ContextAdapter.cs
index 281fc2dea145..fcd088d91932 100644
--- a/src/Accounts/Accounts/CommonModule/ContextAdapter.cs
+++ b/src/Accounts/Accounts/CommonModule/ContextAdapter.cs
@@ -200,14 +200,13 @@ internal async Task<HttpResponseMessage> AuthenticationHelper(IAzureContext cont
             {
                 var response = await next(request, cancelToken, cancelAction, signal);
 
-                if (response.MatchClaimsChallengePattern())
+                if (response.MatchClaimsChallengePattern(out var claimsChallenge))
                 {
                     //get token again with claims challenge
                     if (accessToken is IClaimsChallengeProcessor processor)
                     {
                         try
                         {
-                            var claimsChallenge = ClaimsChallengeUtilities.GetClaimsChallenge(response);
                             if (!string.IsNullOrEmpty(claimsChallenge))
                             {
                                 await processor.OnClaimsChallenageAsync(newRequest, claimsChallenge, cancelToken).ConfigureAwait(false);
@@ -219,7 +218,7 @@ internal async Task<HttpResponseMessage> AuthenticationHelper(IAzureContext cont
                         }
                         catch (AuthenticationFailedException e)
                         {
-                            throw e.WithAdditionalMessage(response?.GetWwwAuthenticateMessage());
+                            throw e.WithAdditionalMessage(ClaimsChallengeUtilities.FormatClaimsChallengeErrorMessage(claimsChallenge, await response?.Content?.ReadAsStringAsync()));
                         }
                     }
                 }
diff --git a/src/Accounts/Authentication/Authentication/IClaimsChallengeProcessor.cs b/src/Accounts/Authentication/Authentication/IClaimsChallengeProcessor.cs
index 635adffb5a47..b7eb0ff83abb 100644
--- a/src/Accounts/Authentication/Authentication/IClaimsChallengeProcessor.cs
+++ b/src/Accounts/Authentication/Authentication/IClaimsChallengeProcessor.cs
@@ -29,7 +29,7 @@ public interface IClaimsChallengeProcessor
         /// <param name="request">The origin request that responds with a claim challenge</param>
         /// <param name="claimsChallenge">Claims challenge string</param>
         /// <param name="cancellationToken">Cancellation token</param>
-        /// <returns>Successful or not</returns>
+        /// <returns>A boolean indicated whether the request should be retried</returns>
         ValueTask<bool> OnClaimsChallenageAsync(HttpRequestMessage request, string claimsChallenge, CancellationToken cancellationToken);
     }
 }
diff --git a/src/Accounts/Authentication/ClaimsChallengeHandler.cs b/src/Accounts/Authentication/ClaimsChallengeHandler.cs
index 5f2c93d3150d..0ed037a93275 100644
--- a/src/Accounts/Authentication/ClaimsChallengeHandler.cs
+++ b/src/Accounts/Authentication/ClaimsChallengeHandler.cs
@@ -14,7 +14,6 @@
 
 using Azure.Identity;
 using System;
-using System.Net;
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
@@ -34,18 +33,19 @@ public ClaimsChallengeHandler(IClaimsChallengeProcessor claimsChallengeProcessor
         protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         {
             var response = await base.SendAsync(request, cancellationToken);
-            if (response.MatchClaimsChallengePattern())
+            if (response.MatchClaimsChallengePattern(out var claimsChallenge))
             {
                 try
                 {
-                    if (await OnChallengeAsync(request, response, cancellationToken))
+                    if (await OnChallengeAsync(claimsChallenge, request, response, cancellationToken))
                     {
                         return await base.SendAsync(request, cancellationToken);
                     }
                 }
                 catch (AuthenticationFailedException e)
                 {
-                    throw e.WithAdditionalMessage(response?.GetWwwAuthenticateMessage());
+                    string additionalErrorMessage = ClaimsChallengeUtilities.FormatClaimsChallengeErrorMessage(claimsChallenge, await response?.Content?.ReadAsStringAsync());
+                    throw e.WithAdditionalMessage(additionalErrorMessage);
                 }
             }
             return response;
@@ -59,14 +59,13 @@ public virtual object Clone()
         /// Executed in the event a 401 response with a WWW-Authenticate authentication challenge header is received after the initial request.
         /// </summary>
         /// <remarks>This implementation handles common authentication challenges such as claims challenges. Service client libraries may derive from this and extend to handle service specific authentication challenges.</remarks>
+        /// <param name="claimsChallenge"></param>
         /// <param name="requestMessage">The HttpMessage to be authenticated.</param>
         /// <param name="cancellationToken">Cancellation token</param>
         /// <param name="responseMessage"></param>
         /// <returns>A boolean indicated whether the request should be retried</returns>
-        protected virtual async Task<bool> OnChallengeAsync(HttpRequestMessage requestMessage, HttpResponseMessage responseMessage, CancellationToken cancellationToken)
+        protected virtual async Task<bool> OnChallengeAsync(string claimsChallenge, HttpRequestMessage requestMessage, HttpResponseMessage responseMessage, CancellationToken cancellationToken)
         {
-            var claimsChallenge = ClaimsChallengeUtilities.GetClaimsChallenge(responseMessage);
-
             if (!string.IsNullOrEmpty(claimsChallenge))
             {
                 return await ClaimsChallengeProcessor.OnClaimsChallenageAsync(requestMessage, claimsChallenge, cancellationToken).ConfigureAwait(false);
diff --git a/src/Accounts/Authentication/MFA.dgml b/src/Accounts/Authentication/MFA.dgml
new file mode 100644
index 000000000000..f8d88c6ebdbf
--- /dev/null
+++ b/src/Accounts/Authentication/MFA.dgml
@@ -0,0 +1,435 @@
+<?xml version="1.0" encoding="utf-8"?>
+<DirectedGraph DataVirtualized="True" Layout="Sugiyama" ZoomLevel="-1" xmlns="http://schemas.microsoft.com/vs/2009/dgml">
+  <Nodes>
+    <Node Id="@11" Category="CodeSchema_Namespace" Bounds="261.465842239037,611.986055208053,460.413333333333,140.000378123803" CodeSchemaProperty_IsPublic="True" CodeSchemaProperty_IsStatic="True" CommonLabel="Microsoft.Azure.Commands.Common.Authentication" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" Group="Expanded" Label="Microsoft.Azure.Commands.Common.Authentication" />
+    <Node Id="@12" Category="CodeSchema_Namespace" Bounds="299.450842239038,496.985833331856,384.443333333333,85.0002" CodeSchemaProperty_IsPublic="True" CodeSchemaProperty_IsStatic="True" CommonLabel="Microsoft.Azure.Commands.Common.Authentication.Factories" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" Group="Expanded" Label="Microsoft.Azure.Commands.Common.Authentication.Factories" />
+    <Node Id="@14" Category="CodeSchema_Namespace" Bounds="351.319175572371,266.985233331856,280.706666666667,140.0003" CodeSchemaProperty_IsPublic="True" CodeSchemaProperty_IsStatic="True" CommonLabel="Microsoft.Azure.PowerShell.Authenticators" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" Group="Expanded" Label="Microsoft.Azure.PowerShell.Authenticators" />
+    <Node Id="@15" Category="CodeSchema_Namespace" Bounds="391.815717735423,887.986833331856,200.716666666667,85.0001999999999" CodeSchemaProperty_IsExternal="True" CodeSchemaProperty_IsPublic="True" CodeSchemaProperty_IsStatic="True" CommonLabel="System.Net.Http" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" Group="Expanded" Label="System.Net.Http" />
+    <Node Id="@16" Category="CodeSchema_Class" Bounds="281.465842239038,651.986155208053,190.17,25" CodeSchemaProperty_IsPublic="True" CommonLabel="ClaimsChallengeHandler" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="ClaimsChallengeHandler" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authentication/ClaimsChallengeHandler.cs StartLineNumber=23 StartCharacterOffset=17 EndLineNumber=23 EndCharacterOffset=39)" />
+    <Node Id="@17" Category="CodeSchema_Class" Bounds="426.895842239038,536.986155208053,129.553333333333,25" CodeSchemaProperty_IsPublic="True" CommonLabel="ClientFactory" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="ClientFactory" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authentication/Factories/ClientFactory.cs StartLineNumber=38 StartCharacterOffset=17 EndLineNumber=38 EndCharacterOffset=30)" />
+    <Node Id="@18" Category="CodeSchema_Class" Bounds="419.889273358871,91.9850333318556,144.65,25" CodeSchemaProperty_IsInternal="True" CommonLabel="ContextAdapter" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="ContextAdapter" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Accounts/CommonModule/ContextAdapter.cs StartLineNumber=41 StartCharacterOffset=19 EndLineNumber=41 EndCharacterOffset=33)" />
+    <Node Id="@19" Category="CodeSchema_Class" Bounds="411.815717735423,927.984355208054,160.716666666667,25" CodeSchemaProperty_IsAbstract="True" CodeSchemaProperty_IsExternal="True" CodeSchemaProperty_IsPublic="True" CommonLabel="DelegatingHandler" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="DelegatingHandler" />
+    <Node Id="@2" Category="CodeSchema_Assembly" Bounds="371.815717735423,847.986733331856,240.716666666667,145.0004" CodeSchemaProperty_IsExternal="True" CodeSchemaProperty_StrongName="netstandard, Version=2.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51" CommonLabel="netstandard" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" FilePath="Q:\.tools\.nuget\packages\netstandard.library\2.0.3\build\netstandard2.0\ref\netstandard.dll" Group="Expanded" Label="netstandard.dll" />
+    <Node Id="@20" Category="CodeSchema_Interface" Bounds="499.222508905704,706.986155208053,202.656666666667,25" CodeSchemaProperty_IsAbstract="True" CodeSchemaProperty_IsPublic="True" CommonLabel="IClaimsChallengeProcessor" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Interface" Label="IClaimsChallengeProcessor" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authentication/Authentication/IClaimsChallengeProcessor.cs StartLineNumber=23 StartCharacterOffset=21 EndLineNumber=23 EndCharacterOffset=46)" />
+    <Node Id="@22" Category="CodeSchema_Class" Bounds="415.497508905705,361.986155208053,152.35,25" CodeSchemaProperty_IsPublic="True" CommonLabel="MsalAccessToken" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="MsalAccessToken" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authenticators/MsalAccessToken.cs StartLineNumber=30 StartCharacterOffset=17 EndLineNumber=30 EndCharacterOffset=32)" />
+    <Node Id="@23" Category="CodeSchema_Class" Bounds="501.659175572372,651.986155208053,197.783333333333,25" CodeSchemaProperty_IsPublic="True" CommonLabel="RenewingTokenCredential" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="RenewingTokenCredential" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authentication/Authentication/RenewingTokenCredential.cs StartLineNumber=22 StartCharacterOffset=17 EndLineNumber=22 EndCharacterOffset=40)" />
+    <Node Id="@24" Category="CodeSchema_Class" Bounds="410.339175572371,306.986155208053,162.666666666667,25" CodeSchemaProperty_IsPublic="True" CommonLabel="SilentAuthenticator" DelayedChildNodesState="NotFetched" DelayedCrossGroupLinksState="Fetched" Group="Collapsed" Icon="CodeSchema_Class" Label="SilentAuthenticator" SourceLocation="(Assembly=file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authenticators/SilentAuthenticator.cs StartLineNumber=29 StartCharacterOffset=17 EndLineNumber=29 EndCharacterOffset=36)" />
+    <Node Id="@4" Category="CodeSchema_Assembly" AssemblyTimestamp="06/24/2025 01:32:36" Bounds="241.465842239037,456.985733331856,500.413333333333,315.0008" CodeSchemaProperty_StrongName="Microsoft.Azure.PowerShell.Authentication, Version=5.1.0.0, Culture=neutral, PublicKeyToken=null" CommonLabel="Microsoft.Azure.PowerShell.Authentication" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" FilePath="$(e6180eb3-5b64-411c-8866-30c344e8307d.OutputPath)" Group="Expanded" Label="Microsoft.Azure.PowerShell.Authentication.dll" />
+    <Node Id="@6" Category="CodeSchema_Assembly" AssemblyTimestamp="06/24/2025 01:32:36" Bounds="331.319175572371,226.985133331856,320.706666666667,200.0005" CodeSchemaProperty_StrongName="Microsoft.Azure.PowerShell.Authenticators, Version=5.1.0.0, Culture=neutral, PublicKeyToken=null" CommonLabel="Microsoft.Azure.PowerShell.Authenticators" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" FilePath="$(38fd16e6-8b3f-4c8d-805a-506ef7a60cf7.OutputPath)" Group="Expanded" Label="Microsoft.Azure.PowerShell.Authenticators.dll" />
+    <Node Id="@8" AssemblyTimestamp="07/02/2025 05:52:33" Bounds="329.654273358871,-59.9349666681445,325.12,216.92" CodeSchemaProperty_StrongName="Microsoft.Azure.PowerShell.Cmdlets.Accounts, Version=5.1.1.0, Culture=neutral, PublicKeyToken=null" CommonLabel="Microsoft.Azure.PowerShell.Cmdlets.Accounts" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" ErrorLevel="Error" FilePath="$(142d7b0b-388a-4ceb-a228-7f6d423c5c2e.OutputPath)" Group="Expanded" Label="Microsoft.Azure.PowerShell.Cmdlets.Accounts.dll" />
+    <Node Id="@9" Category="CodeSchema_Namespace" Bounds="364.850940025538,-19.9349666681445,254.726666666667,156.92" CodeSchemaProperty_IsPublic="True" CodeSchemaProperty_IsStatic="True" CommonLabel="Microsoft.Azure.Commands.Common" DelayedChildNodesState="Incomplete" DelayedCrossGroupLinksState="Fetched" Group="Expanded" Label="Microsoft.Azure.Commands.Common" />
+    <Node Id="Accounts{FA39052A-8468-4E8F-8944-7C02AAE212FF}" Category="CodeMap_SolutionFolder" Bounds="221.465842239037,186.985033331856,540.413333333333,605.0016" Group="Expanded" Label="Accounts" />
+    <Node Id="HasSimilarLogicAsClaimsChallengeHandler" Category="Comment" Bounds="417.629273358871,20.0650333318555,149.17,41.92" Label="Has similar logic as ClaimsChallengeHandler" />
+    <Node Id="_standardGraphExternalsGroup" Category="Externals" Bounds="365.815717735423,821.986633331856,252.716666666667,177.0006" Group="Expanded" Label="Externals" LayoutSettings="List" />
+  </Nodes>
+  <Links>
+    <Link Source="@11" Target="@16" Category="Contains" FetchingParent="@11" />
+    <Link Source="@11" Target="@20" Category="Contains" FetchingParent="@11" />
+    <Link Source="@11" Target="@23" Category="Contains" FetchingParent="@11" />
+    <Link Source="@12" Target="@17" Category="Contains" FetchingParent="@12" />
+    <Link Source="@14" Target="@22" Category="Contains" FetchingParent="@14" />
+    <Link Source="@14" Target="@24" Category="Contains" FetchingParent="@14" />
+    <Link Source="@15" Target="@19" Category="Contains" FetchingParent="@15" />
+    <Link Source="@16" Target="@19" Category="InheritsFrom" Bounds="173.931037056723,665.000337499947,370.929400667542,246.026127105074" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="3">
+      <Category Ref="CodeSchema_Calls" />
+    </Link>
+    <Link Source="@16" Target="@20" Category="References" Bounds="427.459930419922,676.986145019531,113.441436767578,27.8539428710938" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="6">
+      <Category Ref="CodeSchema_Calls" />
+      <Category Ref="CodeSchema_ReturnTypeLink" />
+    </Link>
+    <Link Source="@17" Target="@16" Category="CodeSchema_Calls" Bounds="173.965505090573,550.000012499897,83.7279723017792,83.6397205243704" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="1" />
+    <Link Source="@17" Target="@19" Category="References" Bounds="279.829401743371,550.000012499897,276.264498708822,358.869511249495" IsSourceVirtualized="True" Weight="9">
+      <Category Ref="CodeSchema_ReturnTypeLink" />
+    </Link>
+    <Link Source="@18" Target="@20" Category="References" Bounds="385.673532555327,104.998837499947,181.628232346315,581.411016446984" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="2">
+      <Category Ref="CodeSchema_Calls" />
+    </Link>
+    <Link Source="@2" Target="@15" Category="Contains" FetchingParent="@2" />
+    <Link Source="@22" Target="@20" Category="Implements" Bounds="274.151523239635,374.999512499897,98.280006209729,311.418185908129" Weight="1" />
+    <Link Source="@23" Target="@20" Category="Implements" Bounds="600.550842285156,676.986145019531,0,21" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="2">
+      <Category Ref="CodeSchema_Calls" />
+    </Link>
+    <Link Source="@24" Target="@22" Category="CodeSchema_Calls" Bounds="491.672515869141,331.986145019531,0,21" IsSourceVirtualized="True" IsTargetVirtualized="True" Weight="1" />
+    <Link Source="@4" Target="@11" Category="Contains" FetchingParent="@4" />
+    <Link Source="@4" Target="@12" Category="Contains" FetchingParent="@4" />
+    <Link Source="@4" Target="@2" Category="CodeMap_ExternalReference" />
+    <Link Source="@6" Target="@14" Category="Contains" FetchingParent="@6" />
+    <Link Source="@6" Target="@2" Category="CodeMap_ExternalReference" />
+    <Link Source="@6" Target="@4" Category="CodeMap_ProjectReference" />
+    <Link Source="@8" Target="@2" Category="CodeMap_ExternalReference" />
+    <Link Source="@8" Target="@4" Category="CodeMap_ProjectReference" />
+    <Link Source="@8" Target="@6" Category="CodeMap_ProjectReference" />
+    <Link Source="@8" Target="@9" Category="Contains" FetchingParent="@8" />
+    <Link Source="@9" Target="@18" Category="Contains" FetchingParent="@9" />
+    <Link Source="@9" Target="HasSimilarLogicAsClaimsChallengeHandler" Category="Contains" />
+    <Link Source="Accounts{FA39052A-8468-4E8F-8944-7C02AAE212FF}" Target="@4" Category="Contains" FetchingParent="Accounts{FA39052A-8468-4E8F-8944-7C02AAE212FF}" />
+    <Link Source="Accounts{FA39052A-8468-4E8F-8944-7C02AAE212FF}" Target="@6" Category="Contains" FetchingParent="Accounts{FA39052A-8468-4E8F-8944-7C02AAE212FF}" />
+    <Link Source="HasSimilarLogicAsClaimsChallengeHandler" Target="@18" Bounds="492.214263916016,61.985034942627,0,20.9999961853027" />
+    <Link Source="_standardGraphExternalsGroup" Target="@2" Category="Contains" />
+  </Links>
+  <Categories>
+    <Category Id="CodeMap_ExternalReference" Label="External Reference" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Referenced By" OutgoingActionLabel="References" />
+    <Category Id="CodeMap_ProjectReference" Label="Project Reference" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Referenced By" OutgoingActionLabel="References" />
+    <Category Id="CodeMap_SolutionFolder" Label="Solution Folder" CanBeDataDriven="True" IsProviderRoot="False" NavigationActionLabel="Solution Folder" />
+    <Category Id="CodeSchema_Assembly" Label="Assembly" BasedOn="File" CanBeDataDriven="True" DefaultAction="Microsoft.Contains" Icon="CodeSchema_Assembly" NavigationActionLabel="Assemblies" />
+    <Category Id="CodeSchema_Calls" Label="Calls" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Called By" OutgoingActionLabel="Calls" />
+    <Category Id="CodeSchema_Class" Label="Class" BasedOn="CodeSchema_Type" CanBeDataDriven="True" DefaultAction="Node:Both:CodeSchema_Member" Icon="CodeSchema_Class" NavigationActionLabel="Classes" />
+    <Category Id="CodeSchema_Interface" Label="Interface" BasedOn="CodeSchema_Type" CanBeDataDriven="True" DefaultAction="Node:Both:CodeSchema_Member" Icon="CodeSchema_Interface" NavigationActionLabel="Interfaces" />
+    <Category Id="CodeSchema_Namespace" Label="Namespace" CanBeDataDriven="True" DefaultAction="Node:Both:CodeSchema_Type" Icon="CodeSchema_Namespace" NavigationActionLabel="Namespaces" />
+    <Category Id="CodeSchema_ReturnTypeLink" Label="Return" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Return types" OutgoingActionLabel="Return types" />
+    <Category Id="CodeSchema_Type" Label="Type" CanBeDataDriven="True" DefaultAction="Node:Both:CodeSchema_Member" Icon="CodeSchema_Class" NavigationActionLabel="Types" />
+    <Category Id="Comment" Label="Comment" Description="Represents a user defined comment on the diagram" CanBeDataDriven="True" IsProviderRoot="False" NavigationActionLabel="Comments" />
+    <Category Id="Contains" Label="Contains" Description="Whether the source of the link contains the target object" CanBeDataDriven="False" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Contained By" IsContainment="True" OutgoingActionLabel="Contains" />
+    <Category Id="Externals" Label="Externals" CanBeDataDriven="True" IsProviderRoot="False" NavigationActionLabel="Externals" />
+    <Category Id="File" Label="File" CanBeDataDriven="True" DefaultAction="Microsoft.Contains" Icon="File" NavigationActionLabel="Files" />
+    <Category Id="Implements" Label="Implements" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Implemented by" OutgoingActionLabel="Implements" />
+    <Category Id="InheritsFrom" Label="Inherits From" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Inherited By" OutgoingActionLabel="Inherits From" />
+    <Category Id="References" Label="References" CanBeDataDriven="True" CanLinkedNodesBeDataDriven="True" IncomingActionLabel="Referenced By" OutgoingActionLabel="References" />
+  </Categories>
+  <Properties>
+    <Property Id="AssemblyTimestamp" DataType="System.DateTime" />
+    <Property Id="Bounds" DataType="System.Windows.Rect" />
+    <Property Id="CanBeDataDriven" Label="CanBeDataDriven" Description="CanBeDataDriven" DataType="System.Boolean" />
+    <Property Id="CanLinkedNodesBeDataDriven" Label="CanLinkedNodesBeDataDriven" Description="CanLinkedNodesBeDataDriven" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_IsAbstract" Label="Is Abstract" Description="Flag to indicate member is 'Abstract' does not provide a full implementation" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_IsExternal" Label="Is External" Description="Flag indicating whether this node is considered external" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_IsInternal" Label="Is Internal" Description="Flag to indicate the method is 'Internal'" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_IsPublic" Label="Is Public" Description="Flag to indicate the scope is Public" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_IsStatic" Label="Is Static" Description="Flag to indicate the member is a static member" DataType="System.Boolean" />
+    <Property Id="CodeSchemaProperty_StrongName" Label="StrongName" Description="StrongName" DataType="System.String" />
+    <Property Id="CommonLabel" DataType="System.String" />
+    <Property Id="DataVirtualized" Label="Data Virtualized" Description="If true, the graph can contain nodes and links that represent data for virtualized nodes/links (i.e. not actually created in the graph)." DataType="System.Boolean" />
+    <Property Id="DefaultAction" Label="DefaultAction" Description="DefaultAction" DataType="System.String" />
+    <Property Id="DelayedChildNodesState" Label="Delayed Child Nodes State" Description="Unspecified if the delayed child nodes state is not specified. NotFetched if the group contains child nodes that are not fetched into the graph yet. Fetched if the group has all its delayed child nodes already fetched." DataType="Microsoft.VisualStudio.GraphModel.DelayedDataState" />
+    <Property Id="DelayedCrossGroupLinksState" Label="Delayed Cross-Group Links State" Description="Unspecified if the delayed cross-group links state is not specified. NotFetched if delayed cross-group links on this node are not fetched into the graph yet. Fetched if all delayed cross-group links have already fetched." DataType="Microsoft.VisualStudio.GraphModel.DelayedDataState" />
+    <Property Id="ErrorLevel" Label="Error Level" Description="Used to associate an error level with a node or link in the graph" Group="Analysis" DataType="Microsoft.VisualStudio.Progression.ErrorLevel" />
+    <Property Id="Expression" DataType="System.String" />
+    <Property Id="FetchingParent" DataType="Microsoft.VisualStudio.GraphModel.GraphNodeId" />
+    <Property Id="FilePath" Label="File Path" Description="File Path" DataType="System.String" />
+    <Property Id="Group" Label="Group" Description="Display the node as a group" DataType="Microsoft.VisualStudio.GraphModel.GraphGroupStyle" />
+    <Property Id="GroupLabel" DataType="System.String" />
+    <Property Id="Icon" Label="Icon" Description="Icon" DataType="System.String" />
+    <Property Id="IncomingActionLabel" Label="IncomingActionLabel" Description="IncomingActionLabel" DataType="System.String" />
+    <Property Id="IsContainment" DataType="System.Boolean" />
+    <Property Id="IsEnabled" DataType="System.Boolean" />
+    <Property Id="IsProviderRoot" Label="IsProviderRoot" Description="IsProviderRoot" DataType="System.Boolean" />
+    <Property Id="IsSourceVirtualized" Label="Link Source Virtualized" Description="If true, the link source end contains data for virtualized nodes/links (i.e. not actually created in the graph)." DataType="System.Boolean" />
+    <Property Id="IsTargetVirtualized" Label="Link Target Virtualized" Description="If true, the link target end contains data for virtualized nodes/links (i.e. not actually created in the graph)." DataType="System.Boolean" />
+    <Property Id="Label" Label="Label" Description="Displayable label of an Annotatable object" DataType="System.String" />
+    <Property Id="Layout" DataType="System.String" />
+    <Property Id="LayoutSettings" DataType="Microsoft.VisualStudio.Diagrams.View.GroupLayoutStyle" />
+    <Property Id="NavigationActionLabel" Label="NavigationActionLabel" Description="NavigationActionLabel" DataType="System.String" />
+    <Property Id="OutgoingActionLabel" Label="OutgoingActionLabel" Description="OutgoingActionLabel" DataType="System.String" />
+    <Property Id="SourceLocation" Label="Start Line Number" DataType="Microsoft.VisualStudio.GraphModel.CodeSchema.SourceLocation" />
+    <Property Id="TargetType" DataType="System.Type" />
+    <Property Id="Value" DataType="System.String" />
+    <Property Id="ValueLabel" DataType="System.String" />
+    <Property Id="Visibility" Label="Visibility" Description="Defines whether a node in the graph is visible or not" DataType="System.Windows.Visibility" />
+    <Property Id="Weight" Label="Weight" Description="Weight" DataType="System.Double" />
+    <Property Id="ZoomLevel" DataType="System.String" />
+  </Properties>
+  <QualifiedNames>
+    <Name Id="Assembly" Label="Assembly" ValueType="Uri" />
+    <Name Id="Namespace" Label="Namespace" ValueType="System.String" />
+    <Name Id="Type" Label="Type" ValueType="System.Object" />
+  </QualifiedNames>
+  <IdentifierAliases>
+    <Alias n="1" Uri="Assembly=file:///Q:/.tools/.nuget/packages/netstandard.library/2.0.3/build/netstandard2.0/ref/netstandard.dll" />
+    <Alias n="2" Id="(@1)" />
+    <Alias n="3" Uri="Assembly=$(e6180eb3-5b64-411c-8866-30c344e8307d.OutputPathUri)" />
+    <Alias n="4" Id="(@3)" />
+    <Alias n="5" Uri="Assembly=$(38fd16e6-8b3f-4c8d-805a-506ef7a60cf7.OutputPathUri)" />
+    <Alias n="6" Id="(@5)" />
+    <Alias n="7" Uri="Assembly=$(142d7b0b-388a-4ceb-a228-7f6d423c5c2e.OutputPathUri)" />
+    <Alias n="8" Id="(@7)" />
+    <Alias n="9" Id="(@7 Namespace=Microsoft.Azure.Commands.Common)" />
+    <Alias n="10" Id="Namespace=Microsoft.Azure.Commands.Common.Authentication" />
+    <Alias n="11" Id="(@3 @10)" />
+    <Alias n="12" Id="(@3 Namespace=Microsoft.Azure.Commands.Common.Authentication.Factories)" />
+    <Alias n="13" Id="Namespace=Microsoft.Azure.PowerShell.Authenticators" />
+    <Alias n="14" Id="(@5 @13)" />
+    <Alias n="15" Id="(@1 Namespace=System.Net.Http)" />
+    <Alias n="16" Id="(@3 @10 Type=ClaimsChallengeHandler)" />
+    <Alias n="17" Id="(@3 Namespace=Microsoft.Azure.Commands.Common.Authentication.Factories Type=ClientFactory)" />
+    <Alias n="18" Id="(@7 Namespace=Microsoft.Azure.Commands.Common Type=ContextAdapter)" />
+    <Alias n="19" Id="(@1 Namespace=System.Net.Http Type=DelegatingHandler)" />
+    <Alias n="20" Id="(@3 @10 Type=IClaimsChallengeProcessor)" />
+    <Alias n="22" Id="(@5 @13 Type=MsalAccessToken)" />
+    <Alias n="23" Id="(@3 @10 Type=RenewingTokenCredential)" />
+    <Alias n="24" Id="(@5 @13 Type=SilentAuthenticator)" />
+  </IdentifierAliases>
+  <Styles>
+    <Style TargetType="Node" GroupLabel="Error" ValueLabel="Error Level">
+      <Condition Expression="HasValue('ErrorLevel')" />
+      <Setter Property="Icon" Value="Node.Error" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Current Call Stack Link" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CurrentCallStackCall')" />
+      <Setter Property="Stroke" Value="#FFD93701" />
+      <Setter Property="Weight" Value="1" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Call Stack Indirect Link" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CallStackIndirectCall')" />
+      <Setter Property="Stroke" Value="#FFB8B8B8" />
+      <Setter Property="StrokeDashArray" Value="4 1" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Call Stack Direct Link" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CallStackDirectCall')" />
+      <Setter Property="Stroke" Value="#FFB8B8B8" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Current Call Stack (no source)" ValueLabel="True">
+      <Condition Expression="HasCategory('CurrentCallStackEntry') And !HasCategory('CodeSchema_SourceLocation')" />
+      <Setter Property="Background" Value="Transparent" />
+      <Setter Property="Foreground" Value="#FFA5A5A5" />
+      <Setter Property="Stroke" Value="#FF0072C6" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="External And Current" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('ExternalCallStackEntry') And HasCategory('CurrentCallStackEntry')" />
+      <Setter Property="Background" Value="#FFFFF8F0" />
+      <Setter Property="Stroke" Value="#FFCE5100" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Current Call Stack (source)" ValueLabel="True">
+      <Condition Expression="HasCategory('CurrentCallStackEntry') And !HasCategory('QueryResult')" />
+      <Setter Property="Background" Value="#FFFFE3C6" />
+      <Setter Property="Stroke" Value="#FFD93701" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="External Call Stack" ValueLabel="True">
+      <Condition Expression="HasCategory('ExternalCallStackEntry')" />
+      <Setter Property="Background" Value="#FFF7F7F7" />
+      <Setter Property="StrokeDashArray" Value="1 3" />
+      <Setter Property="Foreground" Value="#FF717171" />
+      <Setter Property="Stroke" Value="#FFA5A5A5" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Results" ValueLabel="True">
+      <Condition Expression="HasCategory('QueryResult')" />
+      <Setter Property="Background" Value="#FFBCFFBE" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Test Project" ValueLabel="Test Project">
+      <Condition Expression="HasCategory('CodeMap_TestProject')" />
+      <Setter Property="Icon" Value="CodeMap_TestProject" />
+      <Setter Property="Background" Value="#FF307A69" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Web Project" ValueLabel="Web Project">
+      <Condition Expression="HasCategory('CodeMap_WebProject')" />
+      <Setter Property="Icon" Value="CodeMap_WebProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Windows Store Project" ValueLabel="Windows Store Project">
+      <Condition Expression="HasCategory('CodeMap_WindowsStoreProject')" />
+      <Setter Property="Icon" Value="CodeMap_WindowsStoreProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Phone Project" ValueLabel="Phone Project">
+      <Condition Expression="HasCategory('CodeMap_PhoneProject')" />
+      <Setter Property="Icon" Value="CodeMap_PhoneProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Portable Library" ValueLabel="Portable Library">
+      <Condition Expression="HasCategory('CodeMap_PortableLibraryProject')" />
+      <Setter Property="Icon" Value="CodeMap_PortableLibraryProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="WPF Project" ValueLabel="WPF Project">
+      <Condition Expression="HasCategory('CodeMap_WpfProject')" />
+      <Setter Property="Icon" Value="CodeMap_WpfProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="VSIX Project" ValueLabel="VSIX Project">
+      <Condition Expression="HasCategory('CodeMap_VsixProject')" />
+      <Setter Property="Icon" Value="CodeMap_VsixProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Modeling Project" ValueLabel="Modeling Project">
+      <Condition Expression="HasCategory('CodeMap_ModelingProject')" />
+      <Setter Property="Icon" Value="CodeMap_ModelingProject" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Assembly" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Assembly')" />
+      <Setter Property="Background" Value="#FF094167" />
+      <Setter Property="Stroke" Value="#FF094167" />
+      <Setter Property="Icon" Value="CodeSchema_Assembly" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Namespace" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Namespace')" />
+      <Setter Property="Background" Value="#FF0E619A" />
+      <Setter Property="Stroke" Value="#FF0E619A" />
+      <Setter Property="Icon" Value="CodeSchema_Namespace" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Interface" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Interface')" />
+      <Setter Property="Background" Value="#FF1382CE" />
+      <Setter Property="Stroke" Value="#FF1382CE" />
+      <Setter Property="Icon" Value="CodeSchema_Interface" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Struct" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Struct')" />
+      <Setter Property="Background" Value="#FF1382CE" />
+      <Setter Property="Stroke" Value="#FF1382CE" />
+      <Setter Property="Icon" Value="CodeSchema_Struct" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Enumeration" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Enum')" />
+      <Setter Property="Background" Value="#FF1382CE" />
+      <Setter Property="Stroke" Value="#FF1382CE" />
+      <Setter Property="Icon" Value="CodeSchema_Enum" />
+      <Setter Property="LayoutSettings" Value="List" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Delegate" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Delegate')" />
+      <Setter Property="Background" Value="#FF1382CE" />
+      <Setter Property="Stroke" Value="#FF1382CE" />
+      <Setter Property="Icon" Value="CodeSchema_Delegate" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Class" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Type')" />
+      <Setter Property="Background" Value="#FF0E70C0" />
+      <Setter Property="Stroke" Value="#FF0E70C0" />
+      <Setter Property="Icon" Value="CodeSchema_Class" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Property" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Property')" />
+      <Setter Property="Background" Value="#FFE0E0E0" />
+      <Setter Property="Stroke" Value="#FFE0E0E0" />
+      <Setter Property="Icon" Value="CodeSchema_Property" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Method" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Method') Or HasCategory('CodeSchema_CallStackUnresolvedMethod')" />
+      <Setter Property="Background" Value="#FFE0E0E0" />
+      <Setter Property="Stroke" Value="#FFE0E0E0" />
+      <Setter Property="Icon" Value="CodeSchema_Method" />
+      <Setter Property="LayoutSettings" Value="List" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Event" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Event')" />
+      <Setter Property="Background" Value="#FFE0E0E0" />
+      <Setter Property="Stroke" Value="#FFE0E0E0" />
+      <Setter Property="Icon" Value="CodeSchema_Event" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Field" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Field')" />
+      <Setter Property="Background" Value="#FFE0E0E0" />
+      <Setter Property="Stroke" Value="#FFE0E0E0" />
+      <Setter Property="Icon" Value="CodeSchema_Field" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Out Parameter" ValueLabel="Has category">
+      <Condition Expression="CodeSchemaProperty_IsOut = 'True'" />
+      <Setter Property="Icon" Value="CodeSchema_OutParameter" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Parameter" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_Parameter')" />
+      <Setter Property="Icon" Value="CodeSchema_Parameter" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Local Variable" ValueLabel="Has category">
+      <Condition Expression="HasCategory('CodeSchema_LocalExpression')" />
+      <Setter Property="Icon" Value="CodeSchema_LocalExpression" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Externals" ValueLabel="Has category">
+      <Condition Expression="HasCategory('Externals')" />
+      <Setter Property="Background" Value="#FF424242" />
+      <Setter Property="Stroke" Value="#FF424242" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Inherits From" ValueLabel="True">
+      <Condition Expression="HasCategory('InheritsFrom')" />
+      <Setter Property="Stroke" Value="#FF00A600" />
+      <Setter Property="StrokeDashArray" Value="2 0" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Implements" ValueLabel="True">
+      <Condition Expression="HasCategory('Implements')" />
+      <Setter Property="Stroke" Value="#8000A600" />
+      <Setter Property="StrokeDashArray" Value="2 2" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Calls" ValueLabel="True">
+      <Condition Expression="HasCategory('CodeSchema_Calls')" />
+      <Setter Property="Stroke" Value="#FFFF00FF" />
+      <Setter Property="StrokeDashArray" Value="2 0" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Function Pointer" ValueLabel="True">
+      <Condition Expression="HasCategory('CodeSchema_FunctionPointer')" />
+      <Setter Property="Stroke" Value="#FFFF00FF" />
+      <Setter Property="StrokeDashArray" Value="2 2" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Field Read" ValueLabel="True">
+      <Condition Expression="HasCategory('CodeSchema_FieldRead')" />
+      <Setter Property="Stroke" Value="#FF00AEEF" />
+      <Setter Property="StrokeDashArray" Value="2 2" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Field Write" ValueLabel="True">
+      <Condition Expression="HasCategory('CodeSchema_FieldWrite')" />
+      <Setter Property="Stroke" Value="#FF00AEEF" />
+      <Setter Property="DrawArrow" Value="true" />
+      <Setter Property="IsHidden" Value="false" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Inherits From" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('InheritsFrom') And Target.HasCategory('CodeSchema_Class')" />
+      <Setter Property="TargetDecorator" Value="OpenArrow" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Implements" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('Implements') And Target.HasCategory('CodeSchema_Interface')" />
+      <Setter Property="TargetDecorator" Value="OpenArrow" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Comment Link" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="Source.HasCategory('Comment')" />
+      <Setter Property="Stroke" Value="#FFE5C365" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Cursor Location Changed" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="IsCursorLocation" />
+      <Setter Property="IndicatorWest" Value="WestIndicator" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Disabled Breakpoint Location Changed" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="DisabledBreakpointCount" />
+      <Setter Property="IndicatorWest" Value="WestIndicator" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Enabled Breakpoint Location Changed" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="EnabledBreakpointCount" />
+      <Setter Property="IndicatorWest" Value="WestIndicator" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Instruction Pointer Location Changed" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="IsInstructionPointerLocation" />
+      <Setter Property="IndicatorWest" Value="WestIndicator" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Current Callstack Changed" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="IsCurrentCallstackFrame" />
+      <Setter Property="IndicatorWest" Value="WestIndicator" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Return" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CodeSchema_ReturnTypeLink')" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="References" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('References')" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Uses Attribute" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CodeSchema_AttributeUse')" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Solution Folder" ValueLabel="True" Visibility="Hidden">
+      <Condition Expression="HasCategory('CodeMap_SolutionFolder')" />
+      <Setter Property="Background" Value="#FFDEBA83" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="Project Reference" ValueLabel="Project Reference">
+      <Condition Expression="HasCategory('CodeMap_ProjectReference')" />
+      <Setter Property="Stroke" Value="#9A9A9A" />
+      <Setter Property="StrokeDashArray" Value="2 2" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Link" GroupLabel="External Reference" ValueLabel="External Reference">
+      <Condition Expression="HasCategory('CodeMap_ExternalReference')" />
+      <Setter Property="Stroke" Value="#9A9A9A" />
+      <Setter Property="StrokeDashArray" Value="2 2" />
+      <Setter Property="DrawArrow" Value="true" />
+    </Style>
+    <Style TargetType="Node" GroupLabel="Comment" ValueLabel="Has comment">
+      <Condition Expression="HasCategory('Comment')" />
+      <Setter Property="Background" Value="#FFFFFACD" />
+      <Setter Property="Stroke" Value="#FFE5C365" />
+      <Setter Property="StrokeThickness" Value="1" />
+      <Setter Property="NodeRadius" Value="2" />
+      <Setter Property="MaxWidth" Value="250" />
+    </Style>
+  </Styles>
+  <Paths>
+    <Path Id="142d7b0b-388a-4ceb-a228-7f6d423c5c2e.OutputPath" Value="C:\Users\yeliu\code\azure-powershell\artifacts\Debug\Az.Accounts\Microsoft.Azure.PowerShell.Cmdlets.Accounts.dll" />
+    <Path Id="142d7b0b-388a-4ceb-a228-7f6d423c5c2e.OutputPathUri" Value="file:///C:/Users/yeliu/code/azure-powershell/artifacts/Debug/Az.Accounts/Microsoft.Azure.PowerShell.Cmdlets.Accounts.dll" />
+    <Path Id="38fd16e6-8b3f-4c8d-805a-506ef7a60cf7.OutputPath" Value="C:\Users\yeliu\code\azure-powershell\src\Accounts\Authenticators\bin\Debug\Microsoft.Azure.PowerShell.Authenticators.dll" />
+    <Path Id="38fd16e6-8b3f-4c8d-805a-506ef7a60cf7.OutputPathUri" Value="file:///C:/Users/yeliu/code/azure-powershell/src/Accounts/Authenticators/bin/Debug/Microsoft.Azure.PowerShell.Authenticators.dll" />
+    <Path Id="e6180eb3-5b64-411c-8866-30c344e8307d.OutputPath" Value="C:\Users\yeliu\code\azure-powershell\artifacts\Debug\Az.Accounts\Microsoft.Azure.PowerShell.Authentication.dll" />
+    <Path Id="e6180eb3-5b64-411c-8866-30c344e8307d.OutputPathUri" Value="file:///C:/Users/yeliu/code/azure-powershell/artifacts/Debug/Az.Accounts/Microsoft.Azure.PowerShell.Authentication.dll" />
+  </Paths>
+</DirectedGraph>
\ No newline at end of file
diff --git a/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs b/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
index 0a387a0f97a7..53422380f1eb 100644
--- a/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
+++ b/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
@@ -33,7 +33,7 @@ static public class ClaimsChallengeUtilities
         private static readonly Regex AuthenticationChallengeRegex = new Regex(AuthenticationChallengePattern);
         private static readonly Regex ChallengeParameterRegex = new Regex(ChallengeParameterPattern);
 
-        public static string GetClaimsChallenge(HttpResponseMessage response)
+        private static string GetClaimsChallenge(HttpResponseMessage response)
         {
             return ParseWwwAuthenticate(response)?
                 .Where((p) => string.Equals(p.Item1, "claims", StringComparison.OrdinalIgnoreCase))
@@ -46,15 +46,21 @@ public static string GetWwwAuthenticateMessage(this HttpResponseMessage response
             return string.Join(string.Empty, ParseWwwAuthenticate(response)?.Select(p => $"{p.Item1}: {p.Item2}{Environment.NewLine}"));
         }
 
-        public static bool MatchClaimsChallengePattern(this HttpResponseMessage response)
+        public static bool MatchClaimsChallengePattern(this HttpResponseMessage response, out string claimsChallenge)
         {
-            return response.StatusCode == System.Net.HttpStatusCode.Unauthorized && response.Headers.WwwAuthenticate?.Count > 0;
+            if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized && response.Headers.WwwAuthenticate?.Count > 0)
+            {
+                claimsChallenge = GetClaimsChallenge(response);
+                return true;
+            }
+
+            claimsChallenge = null;
+            return false;
         }
 
         private static IEnumerable<(string, string)> ParseWwwAuthenticate(HttpResponseMessage response)
         {
             return Enumerable.Repeat(response, 1)
-                .Where(r => r.MatchClaimsChallengePattern())
                 .Select(r => r.Headers.WwwAuthenticate.FirstOrDefault().ToString())
                 .SelectMany(h => ParseChallenges(h))
                 .Where(c => string.Equals(c.Item1, "Bearer", StringComparison.OrdinalIgnoreCase))
@@ -80,5 +86,44 @@ public static bool MatchClaimsChallengePattern(this HttpResponseMessage response
                 yield return (paramMatches[i].Groups[1].Value, paramMatches[i].Groups[2].Value);
             }
         }
+
+        /// <summary>
+        /// Format the error message from the response content of the original failed request.
+        /// If the error is caused by CAE (continuous Access Evaluation), this will include why the request failed, and which policy was violated.
+        /// </summary>
+        /// <param name="claimsChallenge"></param>
+        /// <param name="responseContent"></param>
+        /// <returns></returns>
+        public static string FormatClaimsChallengeErrorMessage(string claimsChallenge, string responseContent)
+        {
+            var errorMessage = TryGetErrorMessageFromOriginalResponse(responseContent);
+            // Convert claimsChallenge to base64
+            var claimsChallengeBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(claimsChallenge ?? string.Empty));
+            // todo: use resource string
+            return $@"[This message needs review] Interactive authentication is required. Please run the following cmdlet and add additional parameters as needed:
+Connect-AzAccount -ClaimsChallenge ""{claimsChallengeBase64}""
+
+Error details:
+{errorMessage}";
+        }
+
+        private static string TryGetErrorMessageFromOriginalResponse(string content)
+        {
+            if (string.IsNullOrWhiteSpace(content))
+            {
+                return content;
+            }
+
+            try
+            {
+                var parsedJson = Newtonsoft.Json.Linq.JToken.Parse(content);
+                return parsedJson["error"].Value<string>("message");
+            }
+            catch
+            {
+                // If parsing fails, return the original content
+                return content;
+            }
+        }
     }
 }
diff --git a/src/Accounts/Authenticators/MsalAccessToken.cs b/src/Accounts/Authenticators/MsalAccessToken.cs
index 8c5676feeafc..f4591741b33d 100644
--- a/src/Accounts/Authenticators/MsalAccessToken.cs
+++ b/src/Accounts/Authenticators/MsalAccessToken.cs
@@ -28,6 +28,10 @@
 
 namespace Microsoft.Azure.PowerShell.Authenticators
 {
+    /// <summary>
+    /// Represents an access token obtained from Entra ID using MSAL (Microsoft Authentication Library).
+    /// Holds the access token, metadata about the user and tenant, and the context needed to renew the token.
+    /// </summary>
     public class MsalAccessToken : IAccessToken, IClaimsChallengeProcessor
     {
         public string AccessToken { get; private set; }
@@ -121,6 +125,14 @@ private bool IsNearExpiration()
             return timeUntilExpiration < ExpirationThreshold;
         }
 
+        /// <summary>
+        /// Receives a claims challenge from the server and processes it to obtain a new access token.
+        /// Then updates the request with the new access token.
+        /// </summary>
+        /// <param name="request"></param>
+        /// <param name="claimsChallenge"></param>
+        /// <param name="cancellationToken"></param>
+        /// <returns>A boolean indicated whether the request should be retried. Throws if the reauth fails.</returns>
         public async ValueTask<bool> OnClaimsChallenageAsync(HttpRequestMessage request, string claimsChallenge, CancellationToken cancellationToken)
         {
             TracingAdapter.Information($"{DateTime.Now:T} - [ClaimsChallengeProcessor] Calling {TokenCredential.GetType().Name}.GetTokenAsync- claimsChallenge:'{claimsChallenge}'");

From ba41be0749a09d9110e6da7a61059584c030f8d8 Mon Sep 17 00:00:00 2001
From: Yeming Liu <yeliu@microsoft.com>
Date: Fri, 4 Jul 2025 13:50:20 +1000
Subject: [PATCH 2/2] Fix tests; add Tenant to parameters

---
 .../SilentReAuthByTenantCmdletTest.cs            | 16 ++++++++++------
 .../Utilities/ClaimsChallengeUtilities.cs        |  5 +----
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/Accounts/Accounts.Test/SilentReAuthByTenantCmdletTest.cs b/src/Accounts/Accounts.Test/SilentReAuthByTenantCmdletTest.cs
index 0d16a82ab2f3..2854ef09f061 100644
--- a/src/Accounts/Accounts.Test/SilentReAuthByTenantCmdletTest.cs
+++ b/src/Accounts/Accounts.Test/SilentReAuthByTenantCmdletTest.cs
@@ -55,9 +55,11 @@ public class SilentReAuthByTenantCmdletTest
         private const string fakeToken = "fakertoken";
 
         private const string body200 = @"{{""value"":[{{""id"":""/tenants/{0}"",""tenantId"":""{0}"",""countryCode"":""US"",""displayName"":""AzureSDKTeam"",""domains"":[""AzureSDKTeam.onmicrosoft.com"",""azdevextest.com""],""tenantCategory"":""Home""}}]}}";
-        private const string body401 = @"{""error"":{""code"":""AuthenticationFailed"",""message"":""Authentication failed.""}}";
-        private const string WwwAuthenticateIP = @"Bearer authorization_uri=""https://login.windows.net/"", error=""invalid_token"", error_description=""Tenant IP Policy validate failed."", claims=""eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiIxNjEzOTgyNjA2In0sInhtc19ycF9pcGFkZHIiOnsidmFsdWUiOiIxNjcuMjIwLjI1NS40MSJ9fX0=""";
-
+        private const string bodyErrorMessage401 = "Authentication failed.";
+        private const string body401 = @"{""error"":{""code"":""AuthenticationFailed"",""message"":"""+bodyErrorMessage401+@"""}}";
+        private const string claimsChallengeBase64 = "eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiIxNjEzOTgyNjA2In0sInhtc19ycF9pcGFkZHIiOnsidmFsdWUiOiIxNjcuMjIwLjI1NS40MSJ9fX0=";
+        private const string WwwAuthenticateIP = @"Bearer authorization_uri=""https://login.windows.net/"", error=""invalid_token"", error_description=""Tenant IP Policy validate failed."", claims="""+ claimsChallengeBase64+@"""";
+        private const string identityExceptionMessage = "Exception from Azure Identity.";
         XunitTracingInterceptor xunitLogger;
 
         public class GetAzureRMTenantCommandMock : GetAzureRMTenantCommand
@@ -171,7 +173,7 @@ public void SilentReauthenticateFailure()
                         {
                             return new ValueTask<AccessToken>(new AccessToken(fakeToken, DateTimeOffset.Now.AddHours(1)));
                         }
-                        throw new CredentialUnavailableException("Exception from Azure Identity.");
+                        throw new CredentialUnavailableException(identityExceptionMessage);
                     }
                     ));
                 AzureSession.Instance.RegisterComponent(nameof(AzureCredentialFactory), () => mockAzureCredentialFactory.Object, true);
@@ -191,8 +193,10 @@ public void SilentReauthenticateFailure()
                 // Act
                 cmdlet.InvokeBeginProcessing();
                 AuthenticationFailedException e = Assert.Throws<AuthenticationFailedException>(() => cmdlet.ExecuteCmdlet());
-                string errorMessage = $"Exception from Azure Identity.{Environment.NewLine}authorization_uri: https://login.windows.net/{Environment.NewLine}error: invalid_token{Environment.NewLine}error_description: Tenant IP Policy validate failed.{Environment.NewLine}claims: eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiIxNjEzOTgyNjA2In0sInhtc19ycF9pcGFkZHIiOnsidmFsdWUiOiIxNjcuMjIwLjI1NS40MSJ9fX0={Environment.NewLine}";
-                Assert.Equal(errorMessage, e.Message);
+                Assert.Contains(identityExceptionMessage, e.Message);
+                Assert.Contains(bodyErrorMessage401, e.Message);
+                Assert.Contains("Connect-AzAccount", e.Message);
+                Assert.Contains(claimsChallengeBase64, e.Message);
                 cmdlet.InvokeEndProcessing();
             }
             finally
diff --git a/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs b/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
index 53422380f1eb..a6d73e43e6c6 100644
--- a/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
+++ b/src/Accounts/Authentication/Utilities/ClaimsChallengeUtilities.cs
@@ -16,13 +16,10 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Net;
 using System.Net.Http;
 using System.Text;
 using System.Text.RegularExpressions;
 
-using Microsoft.Azure.Commands.Profile.Utilities;
-
 namespace Microsoft.Azure.Commands.Common.Authentication
 {
     static public class ClaimsChallengeUtilities
@@ -101,7 +98,7 @@ public static string FormatClaimsChallengeErrorMessage(string claimsChallenge, s
             var claimsChallengeBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(claimsChallenge ?? string.Empty));
             // todo: use resource string
             return $@"[This message needs review] Interactive authentication is required. Please run the following cmdlet and add additional parameters as needed:
-Connect-AzAccount -ClaimsChallenge ""{claimsChallengeBase64}""
+Connect-AzAccount -Tenant (Get-AzContext).Tenant.Id -ClaimsChallenge ""{claimsChallengeBase64}""
 
 Error details:
 {errorMessage}";