Best practices for enterprises
To build robust, enterprise-ready applications, you need to implement a few additional guardrails. We recommend that developers:
- Handle exceptions, both when acquiring a token and when calling a protected web API. In particular, if an application runs in a Microsoft Entra tenant where the tenant admins have set Conditional Access policies to enforce multifactor authentication (MFA), you will need to handle a claim challenge, which is described in Exceptions.
- Enable Logging to troubleshoot applications, while respecting user privacy and remaining compliant with privacy regulations, such as GDPR.
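
For the first recommendation, a protected web API can signal the challenge in the `WWW-Authenticate` header of a 401 response, with `error="insufficient_claims"` and a base64-encoded `claims` value. The following is an added example, not code from this page or from any authentication library; the function names and the sample header are constructed for illustration, and the returned string is what the application would pass to its next interactive token request.

```python
import base64
import binascii
import json
import re

# Matches key="value" auth-params in a WWW-Authenticate header.
_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def extract_claims_challenge(www_authenticate):
    """Return the decoded claims JSON string from a 401 response's
    WWW-Authenticate header, or None if there is no usable challenge."""
    if not www_authenticate:
        return None
    if not www_authenticate.strip().lower().startswith("bearer"):
        return None
    params = {k.lower(): v for k, v in _PARAM_RE.findall(www_authenticate)}
    if params.get("error") != "insufficient_claims" or not params.get("claims"):
        return None  # an ordinary 401: handle as an auth failure
    # Tolerate the URL-safe alphabet and stripped padding.
    raw = params["claims"].replace("-", "+").replace("_", "/")
    raw += "=" * (-len(raw) % 4)
    try:
        decoded = base64.b64decode(raw, validate=True).decode("utf-8")
        claims = json.loads(decoded)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None  # malformed challenge: do not forward it
    # A claims request must be a JSON object.
    return decoded if isinstance(claims, dict) else None


def sample_header():
    """Constructed sample: (header value, claims JSON it encodes)."""
    claims = '{"access_token":{"acrs":{"essential":true,"value":"c1"}}}'
    b64 = base64.b64encode(claims.encode()).decode()
    header = ('Bearer realm="", error="insufficient_claims", '
              f'claims="{b64}"')
    return header, claims


if __name__ == "__main__":
    header, _ = sample_header()
    challenge = extract_claims_challenge(header)
    # Pass `challenge` to the interactive token request, then retry the call.
    print(challenge)
```

Returning `None` for a malformed or missing challenge keeps untrusted header content from being forwarded to the token request and lets the caller treat the response as a plain authorization failure.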