Channel: Azure Active Directory forum

How to authenticate a user using the Cordova MS ADAL plugin when the app is set to require device compliance in Azure Active Directory Conditional Access?


I have a Cordova application in which I am using the Cordova plugin (cordova-plugin-ms-adal) for the Active Directory Authentication Library (ADAL). I want to authenticate the user using the Single Sign On feature of Microsoft Azure. The scenario which is working fine for me now is:

Working scenario: using the plugin as:

var authContext = new Microsoft.ADAL.AuthenticationContext("https://login.windows.net/common");

authContext.acquireTokenAsync("https://graph.windows.net", ClientID, 'msal9314af11-xxxx-4058-xxxx-9f7e60c3d9d5://auth', '', '')

And in the response I successfully get the token and the token expiry date:

console.log("Token acquired: " + authResponse.accessToken);
console.log("Token will expire on: " + authResponse.expiresOn);

With the above I am able to access the web APIs, which are also hosted in Azure Active Directory.

Failing scenario: using brokered authentication for Android with the MS ADAL Cordova plugin, I set the code below:

Microsoft.ADAL.AuthenticationSettings.setUseBroker(true);
var authContext = new Microsoft.ADAL.AuthenticationContext("https://login.windows.net/common");

authContext.acquireTokenAsync("https://graph.windows.net", ClientID, 'msauth://PackageName/base64EncodeString', '', '')

And in the response I successfully get the token and the token expiry date:

console.log("Token acquired: " + authResponse.accessToken);
console.log("Token will expire on: " + authResponse.expiresOn);

Using Microsoft.ADAL.AuthenticationSettings.setUseBroker(true); I get "Enroll Device" when I sign in to my Microsoft account, because the user is in a Conditional Access policy for device compliance. I enroll the device, and Microsoft Intune is installed on my phone. The enrollment is successful and I get my account to select the next time I open the app, but when the web APIs are called I get the response from the web API as the Microsoft sign-in HTML page. The API is not returning the JSON data which is expected.
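Two checks a client should make in the situation described in this post, as an added example that is not part of the original post and not code from cordova-plugin-ms-adal: first, whether the bearer token it holds was actually issued for the API it is about to call (the post acquires the token for the resource https://graph.windows.net), and second, what kind of response the API really returned, since an HTML sign-in page or a Conditional Access claims challenge parsed as JSON only produces a confusing failure further down. The sample token and responses are constructed; Node.js is assumed for Buffer-based base64 decoding.

```javascript
// Added example, not from the original post or from cordova-plugin-ms-adal.
// Node.js is assumed (Buffer). All sample inputs below are constructed.

// Decode a JWT payload without verifying the signature. This is only for
// client-side inspection of aud/exp; the API must still validate the token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS token');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

const stripSlash = (s) => String(s).replace(/\/+$/, '');

// True when the token's audience is the resource we are about to call. A token
// acquired for https://graph.windows.net is only accepted by Graph; any other
// API will reject it or bounce the caller to sign-in.
function tokenMatchesResource(token, expectedResource) {
  const { aud } = decodeJwtPayload(token);
  const auds = Array.isArray(aud) ? aud : [aud];
  return auds.some((a) => stripSlash(a) === stripSlash(expectedResource));
}

function lowerCaseKeys(obj) {
  const out = {};
  for (const [k, v] of Object.entries(obj || {})) out[k.toLowerCase()] = v;
  return out;
}

// Classify a response { status, headers, body } before treating it as data.
function classifyApiResponse(resp) {
  const headers = lowerCaseKeys(resp.headers);
  const ctype = String(headers['content-type'] || '').toLowerCase();
  const wwwAuth = String(headers['www-authenticate'] || '');
  const body = String(resp.body || '');

  // Azure AD signals a Conditional Access requirement to an API client via a
  // 401 whose WWW-Authenticate header carries a claims="..." parameter; the
  // client must re-run token acquisition with those claims, not retry blindly.
  if (resp.status === 401 && /\bclaims="/.test(wwwAuth)) {
    const m = wwwAuth.match(/\bclaims="([^"]*)"/);
    return { kind: 'claims-challenge', claims: m ? m[1] : '' };
  }
  // An HTML document where JSON was expected means the call was redirected to
  // a sign-in page (the symptom in the post) rather than answered by the API.
  if (ctype.includes('text/html') || /^\s*<(!doctype\s+html|html)/i.test(body)) {
    return { kind: 'html-page' };
  }
  if (ctype.includes('application/json')) {
    try {
      return { kind: 'json', data: JSON.parse(body) };
    } catch (e) {
      return { kind: 'malformed-json' };
    }
  }
  return { kind: 'unknown', contentType: ctype };
}

// Constructed sample token (unsigned, dummy signature) for demonstration only.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.dummysig`;
}

// Constructed samples: a Graph-audience token and an HTML sign-in page.
const graphToken = makeSampleToken({ aud: 'https://graph.windows.net/', exp: 1539360000 });
const SIGN_IN_PAGE = {
  status: 200,
  headers: { 'Content-Type': 'text/html; charset=utf-8' },
  body: '<!DOCTYPE html><html><head><title>Sign in to your account</title></head></html>',
};

console.log('token valid for Graph:', tokenMatchesResource(graphToken, 'https://graph.windows.net'));
console.log('API response kind:', classifyApiResponse(SIGN_IN_PAGE).kind);
```

If classifyApiResponse reports html-page for a call made with a broker-issued token, the useful next step is to log the final URL and status chain of that request on the client and the authorization decision on the API side, rather than retrying token acquisition in a loop.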


AD Connect inplace upgrade fails at the "Connect" stage with UnauthorizedAccessException


Trying to update AD Connect due to the "high CPU utilization bug with .NET", I am met with UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Steps taken:

1. Verified AD Connect readiness requirements

2. Checked that the authorizing user has AD Global Admin privileges

Trace:

[10:03:33.517] [  1] [INFO ]
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Application starting
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Start Time (Local): Fri, 12 Oct 2018 10:03:33 GMT
[10:03:33.533] [  1] [INFO ] Start Time (UTC): Fri, 12 Oct 2018 14:03:33 GMT
[10:03:33.549] [  1] [INFO ] Application Version: 1.1.882.0
[10:03:33.549] [  1] [INFO ] Application Build Date: 2018-08-31 22:50:05Z
[10:03:36.142] [  1] [INFO ] Telemetry session identifier: {aa4d10f5-8549-49ab-bbeb-f44a85a3e40a}
[10:03:36.142] [  1] [INFO ] Telemetry device identifier: ihlWC1zb0KcA8AsoJLSJDXFzE2OCStb4QFh0nTO/zAw=
[10:03:36.142] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (0eb4240d4)
[10:03:36.502] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[10:03:36.502] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[10:03:36.502] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [Enabled]: True
[10:03:36.502] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[10:03:36.517] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[10:03:36.517] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[10:03:36.564] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[10:03:36.580] [  1] [INFO ] Loading the persisted settings .
[10:03:36.627] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[10:03:36.830] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[10:03:36.830] [  1] [INFO ] Password Hash Sync supported: 'True'
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[10:03:37.049] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:37.064] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:37.064] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:37.064] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.080] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[10:03:37.080] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[10:03:37.236] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[10:03:37.236] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.236] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.236] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[10:03:37.830] [  1] [VERB ] Check product code installed: {4e67cad2-d71b-4f06-a7ae-bb49c566bb93}
[10:03:37.830] [  1] [INFO ] GetProductInfoProperty({4e67cad2-d71b-4f06-a7ae-bb49c566bb93}, VersionString): unknown product
[10:03:37.924] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Product Azure AD Sync Engine (version 1.1.882.0) is installed.
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Configuration is still pending completion.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: verified product code {eca633f0-02e9-466d-91e2-1c56b79b8f01}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft Azure AD Connect Health agent for sync, Version=3.0.103.0, ProductCode=eca633f0-02e9-466d-91e2-1c56b79b8f01, UpgradeCode=114fb294-8aa6-43db-9e5c-4ede5e32886f
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Health agent for sync (version 3.0.103.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[10:03:38.033] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[10:03:38.033] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[10:03:38.033] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[10:03:38.033] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:38.033] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {786f1270-e605-4b12-80a1-6dde0de09323}.
[10:03:38.033] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.882.0, ProductCode=786f1270-e605-4b12-80a1-6dde0de09323, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[10:03:38.033] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[10:03:38.033] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.882.0) is installed.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:39.533] [  1] [INFO ] DetectInstalledComponents stage: Sync engine upgrade required.
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Backup: backing up the persisted state file
[10:03:39.533] [  1] [INFO ]      - Current: C:\ProgramData\AADConnect\PersistedState.xml
[10:03:39.533] [  1] [INFO ]      - New backup: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml, isAddProtection: True
[10:03:39.674] [  1] [INFO ] CallExportSyncConfig: launching ExportSyncConfig.exe.
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: open existing persisted state file to check if GA/QFE version
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: No ScenarioIds were found
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: IsConfigurationComplete=False, userSignInMethodType=PasswordHashSync
[10:03:43.205] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:43.205] [  1] [INFO ] Called SetWizardMode(UpgradeFromAADConnect, True)
[10:03:43.205] [  1] [INFO ] DetectInstalledComponents stage: Wizard mode is now set to UpgradeFromAADConnect.
[10:03:43.205] [  1] [INFO ] Persist: Setting upgrade marker (UpgradeFromAADConnect,1.1.647.0).
[10:03:43.299] [  1] [INFO ] ExistingUserSignInMethodType=PasswordHashSync
[10:03:43.299] [  1] [INFO ] Checking for DirSync conditions.
[10:03:43.299] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[10:03:43.299] [  1] [INFO ] AADSync/AADConnect is present. App.WizardMode=UpgradeFromAADConnect
[10:03:45.080] [  1] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsEligibleForEaCredentials.
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials [True]: received exit code: 97
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials: Express Mode re-provisioning is NOT required.
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:03:45.095] [  1] [ERROR] PerformConfigurationPageViewModel: Caught exception when connecting to persisted state store.
Exception Data (Raw): System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.SavePersistedState()
[10:03:45.111] [  1] [INFO ] UpgradeSyncEngine: verifying current user has db_owner permissions ((localdb)\.\ADSync).
[10:03:45.142] [  1] [INFO ] CheckCurrentUserIsDbOwner: executing query (SELECT IS_MEMBER('db_owner')).
[10:03:45.283] [  1] [INFO ] CheckCurrentUserIsDbOwner: current user is db_owner for the AADSync database. (result=1)
[10:03:45.283] [  1] [INFO ] UpgradeSyncEngine: db_owner permission verified.
[10:03:45.345] [  1] [INFO ] VerifySecurityGroupsExists: verifying if the Security Groups are present
[10:03:45.361] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncAdmins is present in Machine context .
[10:03:47.689] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncBrowse is present in Machine context .
[10:03:47.705] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncOperators is present in Machine context .
[10:03:47.720] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncPasswordSet is present in Machine context .
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartAADSyncUpgrade in Page:"Upgrade Azure Active Directory Connect"
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:121
[10:03:50.439] [ 15] [INFO ] Starting Prerequisite installation
[10:03:50.439] [ 15] [VERB ] WorkflowEngine created
[10:03:50.439] [ 15] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:50.439] [ 15] [VERB ] Getting list of installed packages by upgrade code
[10:03:50.439] [ 15] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:50.439] [ 15] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:50.439] [ 15] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:50.439] [ 15] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:50.439] [ 15] [INFO ] VerifyAzureAdConnectorPresent: Check if the Azure AD connector with ID b891884f-051e-4a83-95af-2544101c9083 is present.
[10:03:51.871] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsAzureAdConnectorPresent.
[10:03:51.871] [ 15] [INFO ] VerifyAzureAdConnectorPresent: The default Azure AD connector is present.
[10:03:51.871] [ 15] [INFO ] Starting Sync Engine upgrade
[10:03:51.873] [ 15] [INFO ] UpgradeSyncEngineStage: Starting Sync Engine upgrade (WizardMode=UpgradeFromAADConnect)
[10:03:54.526] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" SetGlobalParameterValue Microsoft.Synchronize.SchedulerSuspended True.
[10:03:54.539] [ 15] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[10:03:54.548] [ 15] [INFO ] SyncDataProvider:LoadSettings - loading context with persisted global settings.
[10:03:55.023] [ 15] [VERB ] SynchronizationRuleTemplateEngine: Setting multi forest user join criteria AlwaysProvision:
[10:03:56.234] [  1] [INFO ] Page transition from "Upgrade AAD Connect" [InstallSyncEnginePageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[10:03:56.359] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[10:03:56.361] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[10:04:34.885] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[10:04:43.335] [ 15] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - (omitted)
[10:04:43.835] [ 15] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/montoursvillepa.onmicrosoft.com, awsServiceResource=https://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
[10:04:43.850] [ 15] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: Sending request to userrealm endpoint.
[10:04:44.585] [ 18] [INFO ] ADAL: 2018-10-12T14:04:44.5850476Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:44.585] [ 15] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=fd61afb6-3929-4834-aedc-ca5e889e0bf1.
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: 59.9929687866667 minutes left until token in cache expires
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.210] [ 15] [INFO ] Authenticate: tenantId=(fd61afb6-3929-4834-aedc-ca5e889e0bf1), IsDirSyncing=True, IsPasswordSyncing=True, DomainName=, DirSyncFeatures=57, AllowedFeatures=ObjectWriteback, PasswordWriteback.
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: AzureTenantSourceAnchorAttribute is objectGUID
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[10:04:46.225] [ 15] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/montoursvillepa.onmicrosoft.com, AdalResource=https://graph.windows.net.
[10:04:46.225] [ 15] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: 59.9721353566667 minutes left until token in cache expires
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.225] [ 15] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[10:04:47.178] [ 15] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant fd61afb6-3929-4834-aedc-ca5e889e0bf1.  Initial domain (MontoursvillePA.onmicrosoft.com).
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[10:04:48.038] [ 15] [INFO ] PowershellHelper: lastDirectorySyncTime=10/11/2018 12:35:00 PM
[10:04:48.241] [ 15] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
[10:04:48.241] [ 15] [INFO ] Calling to get the last dir sync time for the current user
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:04:48.475] [ 15] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()<---

[10:04:48.491] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Error" [ErrorPageViewModel]
[10:04:52.506] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20181012-100333.log

Any ideas greatly appreciated.

-Fess
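The trace above fails inside SetSecurityInfo while UpdateFileProtection rewrites the DACL of C:\ProgramData\AADConnect\PersistedState.xml, so the account running the wizard needs ChangePermissions (WRITE_DAC) on that file, or ownership of it. The following PowerShell is an added diagnostic, not something from the post or from the AAD Connect product: it reports the owner, the ACEs and whether the current identity may change the ACL. It assumes it is run in an elevated session on the AAD Connect server by the same account that runs the wizard.

```powershell
# Added diagnostic (not from the post): the trace fails in SetSecurityInfo while
# UpdateFileProtection rewrites the DACL of PersistedState.xml, so report who owns
# that file and whether the current identity may change its ACL.
# Path is the one named in the log; run in an elevated session on the server.
function Get-FileDaclReport {
    param([Parameter(Mandatory)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath)) {
        return [pscustomobject]@{ Path = $FilePath; Exists = $false }
    }

    $acl = Get-Acl -LiteralPath $FilePath
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # SIDs of the current user and every group in its token, as strings
    $mySids   = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value

    # WRITE_DAC is surfaced as FileSystemRights.ChangePermissions (also part of FullControl)
    $writeDac = [System.Security.AccessControl.FileSystemRights]::ChangePermissions
    $allowed = $false; $denied = $false
    foreach ($ace in $acl.Access) {
        try {
            $aceSid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned / unresolvable identity: cannot apply to us
        if ($mySids -notcontains $aceSid) { continue }
        if (($ace.FileSystemRights -band $writeDac) -eq 0) { continue }
        if ($ace.AccessControlType -eq 'Deny') { $denied = $true } else { $allowed = $true }
    }

    [pscustomobject]@{
        Path                 = $FilePath
        Exists               = $true
        Owner                = $acl.Owner
        RunningAs            = $me.Name
        IsOwner              = ($mySids -contains $ownerSid)
        InheritanceBlocked   = $acl.AreAccessRulesProtected
        # Owners can always rewrite the DACL; otherwise an Allow with no Deny is required
        CanChangePermissions = ($mySids -contains $ownerSid) -or ($allowed -and -not $denied)
        Aces                 = @($acl.Access | ForEach-Object {
                                   "$($_.AccessControlType) $($_.IdentityReference): $($_.FileSystemRights)" })
    }
}

Get-FileDaclReport -FilePath 'C:\ProgramData\AADConnect\PersistedState.xml' | Format-List
```

If CanChangePermissions is false, the file was most likely created or protected by a different account (an earlier install run, or another admin), and the wizard's Save step cannot re-protect it; comparing Owner with RunningAs shows that directly. Run it as the wizard account rather than a generic admin, because token group membership is what the ACEs are matched against.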

Intune Administrator - PowerShell Ability


Hi,

I have given users the "Intune Administrator" role and they can obviously administer Intune, but they also need to be able to use PowerShell (Cloud Shell) to back up the Intune configuration, make copies of config, etc.

What role do they need to do this?

At the moment the Intune Administrators get:

"Need admin approval

Microsoft Intune PowerShell

Microsoft Intune PowerShell needs permission to access resources in your organisation that only an admin can grant."

Thanks.

Fail to verify the custom domains name record


Hello,

I am experiencing a problem: I cannot verify the custom domain name record for AAD. Even the TXT or MX record fails. However, the DNS record has already propagated and is resolved by some public resolvers. Could you please advise how to resolve it?

Additionally, I have another AAD using the same domain (different TXT record), which verifies successfully.

Thanks in advance!
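The check a practitioner would run first, added here as an example and not part of the post: query the TXT and MX records for the domain directly against several public resolvers, bypassing the local cache, and compare each answer with the value the portal asked for. The domain and the expected 'MS=...' value are placeholders; the resolver list is an assumption and can be replaced with your own.

```powershell
# Added check (not from the post): query the TXT and MX records for the custom
# domain against a set of public resolvers, bypassing the local cache, so you can
# see whether the value Azure AD expects is visible everywhere before retrying.
# Domain and expected value below are placeholders; replace them.
function Test-DomainVerificationRecord {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$ExpectedTxt,   # e.g. 'MS=msXXXXXXXX' as shown in the portal
        [string[]]$Resolvers = @('8.8.8.8', '1.1.1.1', '9.9.9.9')
    )
    foreach ($server in $Resolvers) {
        $txt = $null; $mx = $null; $err = $null
        try {
            # -DnsOnly skips the local cache and hosts file; -Server asks that resolver directly
            $txt = Resolve-DnsName -Name $Domain -Type TXT -Server $server -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { $_.Strings -join '' }
            $mx  = Resolve-DnsName -Name $Domain -Type MX  -Server $server -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'MX' }  | ForEach-Object { $_.NameExchange }
        } catch { $err = $_.Exception.Message }

        [pscustomobject]@{
            Resolver    = $server
            HasExpected = [bool](@($txt) -contains $ExpectedTxt)
            TxtRecords  = @($txt)
            MxRecords   = @($mx)
            Error       = $err
        }
    }
}

Test-DomainVerificationRecord -Domain 'example.com' -ExpectedTxt 'MS=ms00000000' |
    Format-Table Resolver, HasExpected, TxtRecords, MxRecords, Error -AutoSize
```

If HasExpected differs between resolvers, the record has not fully propagated or the authoritative name servers disagree, and Azure AD's own resolvers may simply be seeing the stale answer. If every resolver returns the expected value and verification still fails, the second tenant mentioned above is the likelier cause: a domain name can be verified in only one Azure AD tenant at a time, so it has to be removed from the tenant where it already verified before the new one can claim it.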

Duplicate Attribute error - Conflicting its own object


I had a proxyAddress duplicate in January. I fixed it at the beginning of May, but the error still shows up in my AAD Connect Health. My last resort would be to delete the Azure object and re-sync, but I don't feel comfortable with that solution.

I have already tried to remove all proxy addresses (and sync with AAD). No luck.
Now I've set the primary proxy address to @onmicrosoft.com and removed the @domain.com address (and synced ;) ), but the error remains.
In addition, as you can see in the screenshot, the Object GUID is the same for both objects. So actually the object is conflicting with itself? :)

Is there a way to delete the error and rescan? Am I overlooking something?

I've dealt with duplicate attributes before and was always able to fix them. Except for now...
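As an added check, not from the post or from AAD Connect Health, this PowerShell searches the on-premises directory for every object that still carries the conflicting address. It assumes the ActiveDirectory RSAT module is available and uses a placeholder address. AAD Connect reports a duplicate whenever two synced objects hold the same proxyAddresses value, and the second holder is often a contact, a group or a disabled account rather than another user, which a search restricted to users would miss.

```powershell
# Added check (not from the post): find every on-premises AD object that still
# carries a given proxyAddress. Duplicates are detected across all object types
# (users, groups, contacts, disabled or out-of-scope accounts), so search them all.
# Requires the ActiveDirectory RSAT module; the address below is a placeholder.
function Find-ProxyAddressHolders {
    param(
        [Parameter(Mandatory)][string]$Address,       # 'smtp:user@domain.com' or just 'user@domain.com'
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    # Match regardless of the smtp:/SMTP:/sip: prefix, and escape LDAP filter
    # metacharacters in the user-supplied value (backslash first).
    $bare = $Address -replace '^[A-Za-z0-9]+:', ''
    $esc  = $bare -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $filter = "(|(proxyAddresses=*:$esc)(mail=$esc)(userPrincipalName=$esc))"

    Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree `
        -Properties proxyAddresses, mail, userPrincipalName, objectGUID |
      ForEach-Object {
        [pscustomobject]@{
            Name              = $_.Name
            ObjectClass       = $_.ObjectClass
            DistinguishedName = $_.DistinguishedName
            ObjectGUID        = $_.ObjectGUID
            MatchingAddresses = @($_.proxyAddresses | Where-Object { $_ -like "*:$bare" })
            Mail              = $_.mail
            UPN               = $_.userPrincipalName
        }
      }
}

Find-ProxyAddressHolders -Address 'smtp:user@domain.com' | Format-List
```

Two or more results with different ObjectGUID values are the real conflict, whatever the Health report shows. If exactly one object comes back, the remaining holder is not in the on-premises forest: it is worth checking cloud-only objects and the deleted users list in the portal, since a soft-deleted object can still reserve the address until it is purged.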





Removing an individual user from Salesforce User Provisioning.


Some info first - sorry if it is a little long. I'm quite new to Azure AD and user provisioning, so apologies if some of the below should be obvious.

The provisioning is based on group membership, which is controlled from an on-premises AD and synced to AAD. So a member of the group in the on-premises AD becomes a member of the same/replicated group in AAD. The group is assigned to the Salesforce application.

The Salesforce app then has field mapping set up to sync information into the matching user in Salesforce. The matching is done on UPN -> Federation ID in Salesforce.

Users are never created via the user provisioning. Users are always created in Salesforce manually first, then added to the on-premises group. The above flow then moves them into AAD, assigns them to the application through the group, matches the user and then starts the info sync.

However, we do have the Salesforce IsActive field mapped, meaning removal from the AAD group sets the IsActive field in Salesforce to false and disables Salesforce access. This provides the option of closing a user in Salesforce by removing them from the group in the on-premises AD.

The Problem:

We have an issue where a user has previously been involved in the above flow but now needs to be a stand-alone user in Salesforce, meaning the user should still exist and be active in Salesforce but not be part of the user provisioning flow.

The way we thought to accomplish this was simply by removing them from the on-premises group as described above, waiting until they were removed from the group and, as a result, deactivated in Salesforce.

Then we would just manually reactivate them in Salesforce and they would then have access to Salesforce without being involved in user provisioning any longer.

However, it seems the user provisioning is unable to ‘forget’ the user. If we follow the above scenario, the functionality keeps updating the mapped information in the application for the user – including continuously disabling the user – even though the user is no longer part of the group (and by extension the application).

So is there a way of getting the user ‘out’ of user provisioning after they have been part of it once, which does not require us to recreate the user in Salesforce or change the info in the Federation ID field? – as that info is used for other purposes.

MFA error: Sorry! We can’t process your request. Your session is invalid or expired.


I disabled MFA earlier today to do some troubleshooting and then re-enabled it. Every time I try to log on to anything in the MS world, I get this error now (first I get a message saying "More information is required", then it prompts me to get a phone call, text message, use the authenticator app, etc.). They all return the same error. To make it all more exciting, I'm the only admin and I can't log into the Azure Portal to reset MFA.

The Microsoft help on the topic isn't helpful at all - it says you waited more than 10 minutes to complete the setup process (?) but there's no fix or workaround. https://support.microsoft.com/en-us/help/2909939/sorry-we-can-t-process-your-request-error-when-you-try-to-set-up-secur

Anyone have any ideas about how I can get back onto my account?

Thanks!

Assign licenses to users by group membership


I need to understand how licenses are applied to users who are in multiple groups. 

I am trying to limit access to corporate resources to corporate-issued cellphones managed by Intune. I have user groups for those users and the EMS license is assigned to that group.

As I think through this, it seems that this will allow a user to add the Intune Company Portal to their personal phone too, as the user is licensed, not the device.

Any thoughts/suggestions on this?


Azure Domain Services best practices


I'm planning to move our Active Directory services to Azure. I have currently set up Domain Services on Azure; what's the best practice for deploying this to users (I want to authenticate the user desktop login on my site)?

Do I need to create a site-to-site VPN for every branch, or just open ports to the public IP?

Many thanks

kaibigan lang hambog sangrew

HELP ME TO FIX EMPROVE TO MY APPS IN SAFE IS NOT FROM EDITE I NEED MY OLD APPS VERSION 

AuthenticationContext.AcquireTokenAsync crash with a given password


Hi!

I have this "simple" code:

        using System;
        using System.Threading.Tasks;
        using Microsoft.IdentityModel.Clients.ActiveDirectory;

        class Program
        {
            // App registration values (placeholders; the post does not show them)
            const string Resource = "<resource-uri>";
            const string ClientId = "<client-id>";
            const string RedirectUri = "<redirect-uri>";

            public static async Task<string> RetrieveTokenAsync()
            {
                // FileCache is the file-backed TokenCache from the ADAL samples (not shown here)
                var authContext = new AuthenticationContext("https://login.windows.net/MYTENANT.com/", true, new FileCache());
                try
                {
                    AuthenticationResult result = null;
                    result = await authContext.AcquireTokenAsync(Resource, ClientId, new Uri(RedirectUri),
                            new PlatformParameters(PromptBehavior.Auto), UserIdentifier.AnyUser, "domain_hint=MYTENANT.com");
                    if (result == null)
                    {
                        throw new InvalidOperationException("Failed to obtain the JWT token");
                    }
                    // store token for reuse
                    Console.WriteLine("AccessToken=" + result.AccessToken);
                    return result.AccessToken;
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException("Could not retrieve token.", ex);
                }
            }

            static void Main(string[] args)
            {
                try
                {
                    // Wait() wraps any failure in an AggregateException; unwrap it for the console
                    RetrieveTokenAsync().Wait();
                }
                catch (AggregateException ex)
                {
                    Console.WriteLine(ex.InnerException);
                }
            }
        }

When I call await authContext.AcquireTokenAsync on a computer that is not connected to Office 365, using an account belonging to an Office 365 tenant, it crashes as soon as I enter the user and password.

This only happens with that user and password... if I use another user but the same password, there is the same crash. So it seems that the problem is related to the password I use... quite strange. It's a simple 8-character password.

I tried compiling it against different versions of the Identity package but it's the same.

Any clue?

Thanks


Admin consent needed for an AAD app which doesn't have any permission requiring admin consent


We have developed a native app and a web API under the same AD (not a multi-tenant solution), configuring the apps as per the documentation: docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis

The client application needs to access the web API as the signed-in user (delegated permissions), but we are still getting the error "admin permission required" when trying to sign in; screenshot attached.

The only permission in the native app is AAD -> user.read

webapi -> user_impersonation

and they clearly state admin consent is not required.


App Registration: CustomKeyIdentifier is NULL


Hi

I'm comparing the manifests for two App Registrations in AAD. One of them works* and one doesn't. 

Looking at them side by side, I can see two passwordCredentials entries with values like this (in the working one)

"customKeyIdentifier": "***************************" (the value is actually a long string of characters)

In the one that isn't working (I just get "Unauthorized" every time I call it) the values are null:

"customKeyIdentifier": null

This seems like it might be the cause of my problems so I was wondering what I'm doing wrong? How can I get a sensible value in there through the Azure UI?

Thanks

* i.e. our logic apps can use it to call a custom API (using JWT/OAuth) hosted on-premises

Azure AD to multiple on premises AD


I have a question.

We have an Azure AD for domain "123". We have 2 web applications connected to the AD (as enterprise applications).

All users have separate "123" accounts to log in to the applications. Our users have their own on-premises AD accounts. They prefer to log in to the web applications using their own on-premises account. The domains are different (for example "456" and "789").

What would be the best way to let users connect to our 2 web applications with their own user credentials?

We only want to verify the users, so a domain user/admin from domain "123" shouldn't be able to do things for domain "456" and vice versa.

Should we use the following:

https://docs.microsoft.com/nl-nl/azure/active-directory/hybrid/how-to-connect-install-custom



Question regarding Azure AD Connect and user passwords

So I'm looking to deploy Azure AD Connect and seamless single sign-on. I'm thinking I will go the Password Hash Sync route. One thing that I want to make sure about before I start the process: let's say a user currently has one password for logging in to their Windows domain account, and a different one for Office 365 apps. When their domain password is synced, will they still be able to log in to Office 365 with the Office 365 password they were using previously, as well as their domain password? I just want to make sure to avoid any confusion with people not knowing what password to use, etc. My hope is that this rollout will not interfere with existing sign-on methods, just add a new one basically.

Getting Access Token(jwt token) for Azure AD using Powershell


I am trying to get an access token from Azure AD using a PowerShell script.
I have registered an app in Azure AD and am trying to use that app's client id and secret to retrieve the JWT token from Azure AD.
In Postman I am giving the following details to get the access token:

How to do the same in PowerShell?
I have tried different PowerShell scripts referred to online, including this post: https://www.shawntabrizi.com/aad/azure-ad-authentication-with-powershell-and-adal/. The PowerShell script it refers to, https://github.com/shawntabrizi/Azure-AD-Authentication-with-PowerShell-and-ADAL/blob/master/Native%20Client/RESTwithNATIVECLIENT.ps1, does not contain all the details I am using in Postman to acquire the new access token. Can anybody help me with this?
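Since the post uses an app's client id and secret (a confidential client), the Postman request is presumably the OAuth 2.0 client-credentials grant against the v1 token endpoint, which needs no ADAL library at all. The following is an added example, not the post author's script nor the linked one: it requests the token with Invoke-RestMethod and then decodes the JWT payload so the aud and appid claims can be checked before the token is used. Tenant, client id, secret and resource are placeholders; the assumption that Postman was configured for client credentials is mine.

```powershell
# Added example (not the post author's script): request an access token with the
# OAuth 2.0 client-credentials grant, then decode the JWT payload to confirm the
# audience and app id before using it. Tenant, client id, secret and resource
# are placeholders; supply your own.
function Get-AadClientCredentialToken {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret,
        [Parameter(Mandatory)][string]$Resource      # v1 endpoint takes 'resource', e.g. https://graph.microsoft.com
    )
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = $Resource
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    # A hashtable body is sent as application/x-www-form-urlencoded, as Postman does
    $response = Invoke-RestMethod -Method Post -Uri $uri -Body $body -ContentType 'application/x-www-form-urlencoded'
    return $response.access_token
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWS (expected header.payload.signature)' }
    # base64url -> base64: swap the URL-safe alphabet and restore padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

# Prompt for the secret rather than hard-coding it in the script
$secret = Read-Host -Prompt 'Client secret' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secret).Password

$token  = Get-AadClientCredentialToken -TenantId 'contoso.onmicrosoft.com' -ClientId '<app-id>' `
            -ClientSecret $plain -Resource 'https://graph.microsoft.com'
$claims = ConvertFrom-JwtPayload -Jwt $token
$claims | Select-Object aud, appid, tid, exp | Format-List
```

Decoding the payload only shows what the token claims; it does not verify the signature, so treat it as a diagnostic for "is this the audience and app I expected", not as validation. The token is sent to the API as a Bearer header (Invoke-RestMethod -Headers @{ Authorization = "Bearer $token" }); if the API rejects it, the aud value is the first thing to compare with the API's App ID URI.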

Azure AD Connect, ADSyncBootstrap service fails to start event id 0


Hi,

We tried to upgrade from DirSync to AD Connect. The installation fails because the ADSyncBootstrap service fails to start. Event id 0 is logged with the message:


Service cannot be started. System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.ServiceHost, cannot be used for communication because it is in the Faulted state.

   at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)

   at Microsoft.Azure.ActiveDirectory.ADSyncBootstrap.ADSyncBootstrap.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Any ideas? 

Azure Domain Services - Disaster Recovery?


I'm currently wondering if there are any guidelines or solid information on Azure AD Domain Services for disaster recovery at all? So far I don't see any, and I'm just under the impression that if I were ever to do a DR test or failover, it would render the domain useless at that point.

An example would be failing over VMs to another VNet that are replicating to another region in the event of a disaster, and then no longer having the Azure AD domain I set up tied to the original VNet. I just want to confirm that this is not possible to do and that there are no plans yet to make it a possibility, so that I can plan ahead for any disaster recovery tests I need to do. If that makes sense.

Thanks

Problem with 'Reply URL (Assertion Consumer Service URL)' parameter in SAML SSO configurations!


I repeat my question because the problem still exists!

Currently the portal configuration prevents me from using an "http" scheme in the Reply URL field. I don't see this restriction in other identity providers (I have already worked with Okta, Auth0 and OneLogin), only in Azure. More than that, the SAML specification doesn't describe this restriction! My intranet application has an "http" prefix and I need the ability to configure that kind of URL! I don't see any reason to require only URLs with the "https" scheme.


