Azure Active Directory B2C (Azure AD B2C) provides business-to-customer identity as a service to get single sign-on access to your applications and APIs. This provides an authorization layer for applications hosted behind Application Gateway and Azure Front Door. However, some false positives may occur during the final authentication process.
When working on false positives, a good practice is to look out for results with a similar tracking reference. (See Understanding WAF logs.) Tracking references give an overall idea of the added scores that led to a block. This can be seen in logs with action_s for a “block” entry, followed by a series of action_s for “Anomaly scoring”. By creating an exclusion on the matched field, you can effectively reduce the score and remediate the false positive.
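The grouping described above can be scripted over exported WAF log records. The following is an added example, not code from the original page or from Microsoft: it groups records by tracking reference, keeps the requests that ended in a block, and ranks the matched fields that contributed anomaly scores. Only `action_s` and its two values come from the page; the field names `trackingReference_s`, `ruleName_s` and `matchVariable`, and all sample values, are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export, one JSON record per line. Only action_s and its
# values "block" / "Anomaly scoring" come from the page; the other field names
# (trackingReference_s, ruleName_s, matchVariable) and all values are assumed.
SAMPLE_LOG = """
{"trackingReference_s": "REF-A", "action_s": "block", "ruleName_s": "example-blocking-rule"}
{"trackingReference_s": "REF-A", "action_s": "Anomaly scoring", "ruleName_s": "example-rule-1", "matchVariable": "CookieValue:example-session"}
{"trackingReference_s": "REF-A", "action_s": "Anomaly scoring", "ruleName_s": "example-rule-2", "matchVariable": "PostParamValue:example_token"}
{"trackingReference_s": "REF-B", "action_s": "block", "ruleName_s": "example-blocking-rule"}
{"trackingReference_s": "REF-B", "action_s": "Anomaly scoring", "ruleName_s": "example-rule-1", "matchVariable": "CookieValue:example-session"}
{"trackingReference_s": "REF-C", "action_s": "Anomaly scoring", "ruleName_s": "example-rule-3", "matchVariable": "QueryParamValue:q"}
"""

def _action(record):
    # Normalise so "Anomaly scoring" and "AnomalyScoring" compare equal.
    return record["action_s"].replace(" ", "").lower()

def blocked_requests(log_text):
    """Map each blocked tracking reference to its (rule, matched field) scoring hits."""
    by_ref = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            record = json.loads(line)
            by_ref[record["trackingReference_s"]].append(record)
    blocked = {}
    for ref, records in by_ref.items():
        # Requests that scored but never reached a block are not false-positive candidates.
        if any(_action(r) == "block" for r in records):
            blocked[ref] = [(r["ruleName_s"], r.get("matchVariable", ""))
                            for r in records if _action(r) == "anomalyscoring"]
    return blocked

def exclusion_candidates(blocked):
    """Count, per matched field, how many blocked requests it contributed to."""
    counts = Counter()
    for hits in blocked.values():
        counts.update({field for _, field in hits if field})
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    blocked = blocked_requests(SAMPLE_LOG)
    for ref, hits in blocked.items():
        print(ref, hits)
    print(exclusion_candidates(blocked))
```

A field that appears across many blocked tracking references for legitimate sign-in traffic is the first candidate to review for an exclusion.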