MSAL Modern Auth (OAuth 2.0) for personnal accounts

New Contributor


I am trying to use @azure/msal-node on a node backend server. 
all work fine for business accounts but not for personnal accounts like

according to this documentation, Authentication seems to be possible

But i don't understand if my problem come from azure AD configuration or from my code.'/connect', function (req, res) {
  let authCodeUrlParameters = {
    scopes: SCOPES_OUTLOOK,
    redirectUri: "http://localhost:4220/redirect",
  publicMicrosoftClient.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
    if ( {
      response += `&login_hint=${}`
  }).catch((error) => console.log(JSON.stringify(error)));

exp.get('/redirect', async function (req, res) {
  try {
    const form = {
      'code': req.query.code,
      'client_id': CLIENT_ID_OUTLOOK,
      'scope': SCOPES_OUTLOOK.join(' '),
      'redirect_uri': 'http://localhost:4220/outlookOauth2',
      'grant_type': 'authorization_code',
      'client_secret': encodeURI(SECRET_VALUE_OUTLOOK),

    const options = {
      url: '',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      method: 'post',

    response = await got(options, { form });
    respToken = response.body
  } catch (error) {


the error come from ...v2.0/token request. the server response doesn't really help (error 400 bad request)


in azure AD we have app registered and all required scope with status granted.
Thank you in advance for your help,

2 Replies



Did you select below mentioned Account Type while you create App Registration in Azure?




If you are not sure then you can validate it in Authentication section of your Azure App Registration as shown in below steps




If you have missed to select that account type while creating application then you won't see it in above screen shot, you can update it directly and you need to update it using manifest editor. 


You can click on Manifest and update "signInAudience" value to "AzureADandPersonalMicrosoftAccount"







Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community



Thank you for your help,

Unfortunately, we allready have this configuration in azureAD. 

However, your answer, helped me to look for documentation on manifest properties. And i came across this page (which define the needed properties with AzureADandPersonalMicrosoftAccount)

But this doesn't explain why token request work in particular case and not in others....