This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 67%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Hi everyone,
when I upload a new version of a custom policy it takes a varying amount of time (from a few seconds to five minutes) until the new version is used. During development this is very frustrating and time-consuming since I either have to wait five minutes to be sure (which breaks the workflow) or I have to initiate the policy several times until I get the updated version. And if it was only a slight policy update I have to add some noticable "versioning" to figure out whether the change was applied or not. This wastes a lot of time and makes the development of B2C policies very cumbersome. I found a similar question which was posted a year ago: https://stackoverflow.com/questions/69321812/lag-in-getting-the-new-value-of-a-custom-attribute-after-updating-it
Is there still nothing that can be done about this? Either a flushing of policy caches or an indication on Azure Portal (of when the new policy is available) would be acceptable. But the current situation is very annoying.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 11%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
We are also facing the same problem. even small fix in custom policy is taking lot of time due the delay in reflecting the chagnes, it would be great if you could suggest the proper solution for this.
We have already configured DeploymentMode = Development. still we are facing the same problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 11%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Hi Team, could you please provide an update on this issue or at least provide a workaround?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
This is expected behavior due to caching and is documented:
Best practices for Azure AD B2C - Azure AD B2C | Microsoft Learn
Deploy custom policy - Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to 30 minutes for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies.
You can set the DeploymentMode to Development in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you Collect Azure AD B2C logs with Application Insights, all claims sent to and from identity providers are collected, which is a security and performance risk.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 78%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKF%3C/text%3E%3C/svg%3E)
So we are supposed to accept that if you create a bad policy, you might not be able to create the resource you need for 30 minutes?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 9%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ7%3C/text%3E%3C/svg%3E)
The TTL of 15 minutes can be bypassed by setting DeploymentMode to "Development":
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="yourtenant.onmicrosoft.com"
PolicyId="B2C_1A_YourPolicy"
PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_YourPolicy"
DeploymentMode="Development">
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 1%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Sorry but i am running the policy in development mode and still no lock. Can you please confirm that with that setting on you are not experiencing any lag?
Thanks, @JohannesGross-7919
For me the approach with DeploymentMode does indeed work. It has to be added to all deployed files though and it took some time (a few hours) to be noticable with new deployments.
But there's the drawback that errors (e.g. user is unauthenticated) that B2C sends to the calling application don't lead to a redirect but end in a static page containing the error description.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 78%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
I have been experiencing the same issues but already had been using DeploymentMode=Development and I am still experiencing the ~15 minute lag. So I am not convinced the last comment is accurate.
Update: Although I have just realised I only have that setting on the top level Relying Party file :(
I will update the others and try again
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 18%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Does adding that to the other files fixed the issue? I got in touch with the Support team and according to them, there is zero way to bypass that.
For me the approach with DeploymentMode does indeed work. It has to be added to all deployed files though and it took some time (a few hours) to be noticable with new deployments.
But there's the drawback that errors (e.g. user is unauthenticated) that B2C sends to the calling application don't lead to a redirect but end in a static page containing the error description.
This is really becoming a pain to do custom policy development. They should allow users to disable cache al together. We all know the benefit of caching so it's upto the users to keep it disabled in lower environment where as enable it in PROD.
I had a similar expirience. It's horrible.
Deleted policies are also still there for a long time..
Make sure your policy is correct, in case of incorrectness b2c behave realy strange - it seems like it picks an old one that worked. But you can't be sure it's the last one.
My only helper is to change a string message in the policy (version increment) to really make sure it's the one I think it's using.
Hi @Maximilian Bürgi ,
Thanks for your post! As Jas Suri mentioned, this appears to be part of the internal design due to replication delay in the regionally replicated domain controller infrastructure.
That said, I have created an internal work item based on your feedback to address this issue and improve the performance. If you provide more details about your scenario it will help in providing a business justification and adding details to the work item.
I have reached out internally to see if there are any updates about steps that can be taken to mitigate the issue, and will share the team's response as well.
In the meantime you are also welcome to create your own feedback in the Ideas portal where the product team can directly reply. https://feedback.azure.com/
-
If the information was helpful to you, please Accept the answer. This will help us and other community members as well.
This question is quite old in the meantime but it appears that it's a pain to a lot of developers according to all the comments here. You promised to share the team's response to your internal query. Can you share this with us?