AAD B2C - "Lag" after custom policy upload

Maximilian Bürgi 106 Reputation points

Hi everyone,

when I upload a new version of a custom policy it takes a varying amount of time (from a few seconds to five minutes) until the new version is used. During development this is very frustrating and time-consuming since I either have to wait five minutes to be sure (which breaks the workflow) or I have to initiate the policy several times until I get the updated version. And if it was only a slight policy update I have to add some noticeable "versioning" to figure out whether the change was applied or not. This wastes a lot of time and makes the development of B2C policies very cumbersome. I found a similar question which was posted a year ago: https://stackoverflow.com/questions/69321812/lag-in-getting-the-new-value-of-a-custom-attribute-after-updating-it

Is there still nothing that can be done about this? Either a flushing of policy caches or an indication on Azure Portal (of when the new policy is available) would be acceptable. But the current situation is very annoying.

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

13 answers

  1. Sebastien Dicaire 26 Reputation points

    This is so painful to develop or debug anything! Please fix this!

    5 people found this answer helpful.

  2. Richard Davies 11 Reputation points

    Ugh, this situation is excruciatingly painful and makes it virtually impossible to work with custom policies. I've been trying for two days now to figure out how to add an email attribute to my SAML responses. I've found several suggestions on Stack Overflow describing how to do this, but (unsurprisingly) they're not always clearly explained and often give somewhat contradictory advice.

    Anyway, I've been trying all sorts of tweaks to my custom policy XML files, uploading the updated files, and testing it with the MS SAML test application. But none of my changes ever seemed to have any effect at all. Finally, after much frustration I realized that when I upload policy files those changes don't immediately take effect. As reported here it can take 5-15 minutes before the changes take effect. The problem is I have no way of knowing when they actually take effect, so I have no way of knowing whether or not the change I made simply was incorrect and therefore didn't work or if the change just hasn't gone into effect.

    There has to be a better way! As others already suggested, either this lag time between policy updates taking effect needs to be dramatically shortened, or we need some way to manually flush the cache and know when our changes have gone into effect.

    2 people found this answer helpful.

  3. Nitish Chauhan 71 Reputation points

    Not being able to disable cache makes it virtually impossible to develop in this environment. Custom policies are hard enough as it is to understand and develop in. Every time a change is made and has to be tested, the developer is basically clueless on if their changes had any effect because of this.

    2 people found this answer helpful.

  4. Marilee Turscak-MSFT 29,856 Reputation points Microsoft Employee

    Hi @Maximilian Bürgi,

    I received an update from the product team that other customers are experiencing this due to some changes.

    It seems that there was an increase in the TTL of policy Objects in the caches from 2 mins to 15 minutes. This means that if you make a change to a policy and overwrite it, there's a potential delay between the upload of that policy and that policy being served to the end user.


    1 person found this answer helpful.

  5. Who Cares 5 Reputation points

    This becomes a real nightmare, @Marilee Turscak-MSFT, as it unreasonably slows down the whole dev process so badly. Having an explicit button in the portal to invalidate the cache manually would be helpful. Otherwise, devs have no idea on when their changes would be available for trying, which is unacceptable and just wastes a lot of dev resources.

    1 person found this answer helpful.