Hello @Pablo Robles,
Thank you for connecting offline.
I performed a repro and observed the same behavior. Based on test analysis, I understand that for CIAM (Microsoft Entra External ID) tenants, we should not use the "Accounts in any organizational directory and personal Microsoft accounts (e.g., Skype, Xbox)" option when registering applications.
As documented here: https://learn.microsoft.com/en-us/entra/external-id/customers/concept-supported-features-customers#application-registration
This is because External ID tenants authenticate through the CIAM gateway (https://{domain}.ciamlogin.com/...) rather than the standard login.microsoftonline.com endpoint. External ID tenants are purpose-built to support consumer and business customers accessing applications, particularly those federated with External Identity Providers like Facebook, Microsoft Accounts (MSA), and Gmail.
To support these scenarios, applications should:
- Be registered as single-tenant apps in the External ID tenant.
- Be used exclusively within CIAM-based sign-in flows.
Therefore, the intent to support sign-in for "all Microsoft account types" (multi-tenant and MSA) is not compatible with Entra External ID tenants.
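
A configuration check for the two points in the answer above, written here as an added example and not part of the original reply or of any Microsoft tooling. It inspects the `signInAudience` field of an app registration manifest and the authority URL the client uses. The function name `check_ciam_app`, the tenant name `contoso`, and the sample inputs are constructed for illustration, and tenants that use a custom URL domain are assumed out of scope.

```python
import json
from urllib.parse import urlparse

# Manifest value for a single-tenant registration. The portal option quoted in
# the answer ("any organizational directory and personal Microsoft accounts")
# is stored in the manifest as "AzureADandPersonalMicrosoftAccount".
SINGLE_TENANT = "AzureADMyOrg"


def check_ciam_app(manifest_json: str, authority: str) -> list[str]:
    """Return findings for an app intended for an External ID (CIAM) tenant."""
    findings = []

    audience = json.loads(manifest_json).get("signInAudience")
    if audience != SINGLE_TENANT:
        findings.append(
            f"signInAudience is {audience!r}; register the app as "
            f"single-tenant ({SINGLE_TENANT}) in the External ID tenant"
        )

    url = urlparse(authority)
    host = (url.hostname or "").lower()
    labels = host.split(".")
    if url.scheme != "https":
        findings.append("authority must use https")
    if host == "login.microsoftonline.com":
        findings.append(
            "authority points at login.microsoftonline.com; CIAM tenants "
            "sign in through https://{domain}.ciamlogin.com/"
        )
    # Require exactly <domain>.ciamlogin.com so that look-alike hosts such as
    # contoso.ciamlogin.com.example.net are not accepted (assumption: no
    # custom URL domain is configured for the tenant).
    elif not (len(labels) == 3 and labels[0] and labels[1:] == ["ciamlogin", "com"]):
        findings.append(f"authority host {host!r} is not {{domain}}.ciamlogin.com")
    return findings


# Constructed sample inputs.
GOOD = ('{"signInAudience": "AzureADMyOrg"}', "https://contoso.ciamlogin.com/")
BAD = ('{"signInAudience": "AzureADandPersonalMicrosoftAccount"}',
       "https://login.microsoftonline.com/common")

if __name__ == "__main__":
    for manifest, authority in (GOOD, BAD):
        print(authority, "->", check_ciam_app(manifest, authority) or "ok")
```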