- A maximum of 200 groups will be included in the Azure AD JWT. For more than 200 groups, consider using Application Roles.
- Groups created in Azure AD can only be included by their ObjectID and not name, as `sAMAccountName` is only available for groups synchronized from Active Directory
- `kubelogin` may not work with MSI when run in Azure Container Instance
- On AKS, service principal login mode will only work with managed AAD, not legacy AAD.
- Device code login mode does not work when a Conditional Access policy is configured on the Azure AD tenant. Use web browser interactive login instead.
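
The first two limitations can be checked on a token you already hold. This is an added example, not code from the kubelogin project: it decodes a JWT payload, reports whether the group list was replaced by an overage pointer, and lists group values that are not ObjectIDs. It assumes Azure AD signals overage by omitting `groups` and emitting `_claim_names`/`_claim_sources`; the function names and both sample tokens are constructed, and the signature is not verified.

```python
import base64
import json
import re

# ObjectIDs are GUIDs; anything else in "groups" is a name-style value.
GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def inspect_groups(claims: dict) -> dict:
    groups = claims.get("groups", [])
    # Assumption: on overage the token carries no "groups" list, only a pointer.
    overage = "groups" in claims.get("_claim_names", {})
    return {
        "count": len(groups),
        "overage": overage,
        # RBAC subjects must match these strings exactly, so flag non-ObjectID values.
        "non_object_id": [g for g in groups if not GUID.match(g)],
    }


def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demo."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


# Constructed sample payloads (values are placeholders, not real identifiers).
SMALL = make_token({"groups": ["11111111-2222-3333-4444-555555555555", "k8s-admins"]})
OVER = make_token({"_claim_names": {"groups": "src1"},
                   "_claim_sources": {"src1": {"endpoint": "https://graph.example/placeholder"}}})

if __name__ == "__main__":
    for name, tok in (("small", SMALL), ("overage", OVER)):
        print(name, inspect_groups(jwt_claims(tok)))
```

A token reporting `overage: True` carries no group list at all, so Kubernetes RoleBindings keyed on group ObjectIDs will not match for that user.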