Logging in MSAL for Android

The Microsoft Authentication Library (MSAL) apps generate log messages that can help diagnose issues. An app can configure logging with a few lines of code, and have custom control over the level of detail and whether or not personal and organizational data is logged. We recommend you create an MSAL logging implementation and provide a way for users to submit logs when they have authentication issues.

Logging levels

MSAL provides several levels of logging detail:

  • LogAlways: No level filtering is done on this log level. Log messages of all levels will be logged.
  • Critical: Logs that describe an unrecoverable application or system crash, or a catastrophic failure that requires immediate attention.
  • Error: Indicates something has gone wrong and an error was generated. Used for debugging and identifying problems.
  • Warning: There hasn't necessarily been an error or failure, but are intended for diagnostics and pinpointing problems.
  • Informational: MSAL will log events intended for informational purposes not necessarily intended for debugging.
  • Verbose (Default): MSAL logs the full details of library behavior.


Not all log levels are available for all MSAL SDK's

Personal and organizational data

By default, the MSAL logger doesn't capture any highly sensitive personal or organizational data. The library provides the option to enable logging personal and organizational data if you decide to do so.

The following sections provide more details about MSAL error logging for your application.

Logging in MSAL for Android using Java

Turn logging on at app creation by creating a logging callback. The callback takes these parameters:

  • tag is a string passed to the callback by the library. It is associated with the log entry and can be used to sort logging messages.
  • logLevel enables you to decide which level of logging you want. The supported log levels are: Error, Warning, Info, and Verbose.
  • message is the content of the log entry.
  • containsPII specifies whether messages containing personal data, or organizational data are logged. By default, this is set to false, so that your application doesn't log personal data. If containsPII is true, this method will receive the messages twice: once with the containsPII parameter set to false and the message without personal data, and a second time with the containsPii parameter set to true and the message might contain personal data. In some cases (when the message does not contain personal data), the message will be the same.
private StringBuilder mLogs;

mLogs = new StringBuilder();
Logger.getInstance().setExternalLogger(new ILoggerCallback()
   public void log(String tag, Logger.LogLevel logLevel, String message, boolean containsPII)

By default, the MSAL logger will not capture any personal identifiable information or organizational identifiable information. To enable the logging of personal identifiable information or organizational identifiable information:


To disable logging personal data and organization data:


By default logging to logcat is disabled. To enable:


Next steps

For more code samples, refer to Microsoft identity platform code samples.