This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 67%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Hi everyone,
when I upload a new version of a custom policy it takes a varying amount of time (from a few seconds to five minutes) until the new version is used. During development this is very frustrating and time-consuming since I either have to wait five minutes to be sure (which breaks the workflow) or I have to initiate the policy several times until I get the updated version. And if it was only a slight policy update I have to add some noticable "versioning" to figure out whether the change was applied or not. This wastes a lot of time and makes the development of B2C policies very cumbersome. I found a similar question which was posted a year ago: https://stackoverflow.com/questions/69321812/lag-in-getting-the-new-value-of-a-custom-attribute-after-updating-it
Is there still nothing that can be done about this? Either a flushing of policy caches or an indication on Azure Portal (of when the new policy is available) would be acceptable. But the current situation is very annoying.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 11%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
We are also facing the same problem. even small fix in custom policy is taking lot of time due the delay in reflecting the chagnes, it would be great if you could suggest the proper solution for this.
We have already configured DeploymentMode = Development. still we are facing the same problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 11%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Hi Team, could you please provide an update on this issue or at least provide a workaround?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
This is expected behavior due to caching and is documented:
Best practices for Azure AD B2C - Azure AD B2C | Microsoft Learn
Deploy custom policy - Azure AD B2C relies on caching to deliver performance to your end users. When you deploy a custom policy using whatever method, expect a delay of up to 30 minutes for your users to see the changes. As a result of this behavior, consider the following practices when you deploy your custom policies.
You can set the DeploymentMode to Development in a production environment to bypass the caching behavior. However, we don't recommend this practice. If you Collect Azure AD B2C logs with Application Insights, all claims sent to and from identity providers are collected, which is a security and performance risk.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 18%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
This is so painful to develop or debug anything! Please fix this!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 72%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Ugh, this situation is excruciatingly painful and makes it virtually impossible to work with custom policies. I've been trying for two days now to figure out how to add an email attribute to my SAML responses. I've found several suggestions on Stack Overflow describing how to do this, but (unsurprisingly) they're not always clearly explained and often give somewhat contradictory advice.
Anyway, I've been trying all sorts of tweaks to my custom policy XML files, uploading the updated files, and testing it with the MS SAML test application. But none of my changes ever seemed to have any effect at all. Finally, after much frustration I realized that when I upload policy files those changes don't immediately take effect. As reported here it can take 5-15 minutes before the changes take effect. The problem is I have no way of knowing when they actually take effect, so I have no way of knowing whether or not the change I made simply was incorrect and therefore didn't work or if the change just hasn't gone into effect.
There has to be a better way! As others already suggested, either this lag time between policy updates taking effect needs to be dramatically shortened, or we need someway to manually flush the cache and know when our changes have gone into effect.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 21%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENC%3C/text%3E%3C/svg%3E)
Not being able to disable cache makes it virtually impossible to develop in this environment. Custom policies are hard enough as it is to understand and develop in. Every-time a change is made and has to be tested, the developer is basically clueless on if their changes had any effect because of this.
Hi @Maximilian Bürgi ,
I received an update from the product team that other customers are experiencing this due to some changes.
It seems that there was an increase in the TTL of policy Objects in the caches from 2 mins to 15 minutes. This means that if you make a change to a policy and overwrite it, there's a potential delay between the upload of that policy and that policy being served to the end user.
Thank you for the update.
At the moment it does indeed take up to 15 minutes to update.
Regarding my scenario:
We develop custom policies for a project and sometimes, if something doesn't work as expected, we have to upload several updates to a policy and try it out online since it can't be tested locally. But if it takes up to 15 minutes to get feedback on a one line change (where you also have to add some identifier to differentiate the used versions) that slows down the workflow immensely.
There was some issue for example, where we wanted to read userIdentities by email with an Azure Active Directory technical profile. It somehow didn't work until we added the metadata item <Item Key="api-version">1.6</Item>. We weren't able to find this information anywhere and had to figure it out by trial and error which is often the case with Azure AD B2C when the documentation is missing. But this process is hindered immensely by having to wait the 15 minute delay. We also waste a lot of time by continuously retrying the policy during the wait time since it might go faster sometimes.
Is there a reason why the TTL was increased? The link you sent only concerns session expiry but not "policy expiry" as far as I can tell.
I think there are three ways on how you could improve this:
Hm, I can't submit a comment with a link or which is this long somehow. Let's try again.
Azure Active Directory technical profile:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-technical-profile
I agree that this is not ideal and have created a bug for the product team. One suggestion from the PG is to upload the policy to be updated with a different policy name. If the uploaded file is okay after 15 minutes, there would be a way to switch the application's reference policy.
Thank you for the suggestion with a different policy name. This does indeed improve the workflow and we're able to get the feedback immediately this way. But it still introduces a lot of overhead such as changing the name and deleting the unused policies afterwards. And for productive releases this isn't any help and we have to plan longer release windows to properly test the changes.
Please keep us/me updated here if there's any development on this topic. I'd very much appreciate a fast resolution of this issue. And as it turns out this is also a pressing issue for other developers.
Hi @Marilee Turscak-MSFT
Is there any update on this topic? Can we expect any improvement?
It is still very cumbersome and complicates working with B2C by a lot.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 45%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWC%3C/text%3E%3C/svg%3E)
This becomes a real nightmare, @Marilee Turscak-MSFT , as it unreasonably slows down the whole dev process so badly. Having an explicit button in the portal to invalidate the cache manually would be helpful. Otherwise, devs have no idea on when their changes would be available for trying, which is unacceptable and just wastes a lot of dev resources.