![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 3%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Abhay Chandramouli ,
Thanks for reaching out.
The sts.windows.net and login.microsoftonline.com are both Security Token Services (STS) that issue tokens for Azure Active Directory (Azure AD). The sts.windows.net is the original STS for Azure AD v1, while login.microsoftonline.com is a newer STS that was introduced to support newer authentication protocols like OpenID Connect. Both issuers can issue tokens for Azure AD, but the tokens issued by login.microsoftonline.com are generally newer and support more features.
Both the sample tokens have been provided here - https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens#token-formats
You can decode those tokens using jwt.ms and then compare the slightly varying claims of the tokens.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.