We use an AD tenant to allow partners access to our application. We have enabled self-service to allow users to register themselves.
The application is a React Application, using the MSAL packages: @azure/msal-browser and @azure/msal-react.
When the user (with an existing Microsoft account that doesn't already exist in our tenant) clicks to sign in, they are redirected to the login.microsoftonline.com login page where they authenticate.
They then get the message "This account does not exist in this organisation. Enter a different account or create a new one". They click 'Create a new one', then 'Sign up with email'.
They provide their email address and password, then accept the permissions for the application, after which they provide personal details (City, Region, Display name, Given name and Surname).
They then get the message: "Help us to protect your account Microsoft has enabled Security Defaults to keep your account secure . . .". They click Next and are redirected to the broken page below (https://account.activedirectory.windowsazure.com/securityinfo?isOobe=False&brkr=&brkrVer=2.16.1&clientSku=msal.js.browser):
Page content:
)]}',
{"CID":"e158000e-4d57-4fa2-84f4-6eeed7d02d32","Date":"2021-10-12T13:54:41.9631039Z","Exception":null}
At this point, the user can be seen in our Active Directory. If the user refreshes the page and resubmits their form data, the MFA Authenticator process is invoked and the sign up can be completed successfully.
Any thoughts on what may be causing this? Users with accounts already registered with our tenant can log in without issue. It appears to be a bug specifically around creating new accounts and MFA.