Connect-MgGraph 'InteractiveBrowserCredential authentication failed' Elevated PowerShell Window

[msbkmr]

Describe the bug

I am trying Connect-MgGraph in an elevated PowerShell session but am receiving a 'InteractiveBrowserCredential authentication failed' error. I can connect successfully in a non-elevated session.

Expected behavior

Successfully authenticate to Microsoft Graph with WAM.

How to reproduce

1. Open elevated PowerShell session
2. Install Microsoft.Graph version 2.34.0
3. Run Connect-MgGraph
4. Receive 'InteractiveBrowserCredential authentication failed' error

Connect-MgGraph
WARNING: Note: Sign in by Web Account Manager (WAM) is enabled by default on Windows. If using an embedded terminal, the interactive browser window may be hidden behind other windows. Connect-MgGraph: InteractiveBrowserCredential authentication failed:

SDK Version

2.34.0

Latest version known to work for scenario above?

2.34.0

Known Workarounds

Version prior to 2.34.0 allow browser authentication and don't force WAM.

Debug output

Click to expand log

```

Connect-MgGraph -debug
WARNING: Note: Sign in by Web Account Manager (WAM) is enabled by default on Windows. If using an embedded terminal, the interactive browser window may be hidden behind other windows.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): Y
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId:
DEBUG: Executing interactive authentication workflow inline.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] MSAL MSAL.CoreCLR with assembly version '4.78.0.0'. CorrelationId(83671043-86e7-44d1-bc8e-aef396d4586a)
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a]
=== Request Data ===
Authority Provided? - True
Scopes - User.Read
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - True
HomeAccountId - False
CorrelationId - 83671043-86e7-44d1-bc8e-aef396d4586a
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
FMI Path:
Credential FMI Path:

DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] === Token Acquisition (InteractiveRequest) started:
Scopes: User.Read
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] Broker is configured. Starting broker flow without knowing the broker installation app link.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [Runtime] Broker supported OS.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] Can invoke broker. Will attempt to acquire token with broker.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [RuntimeBroker] Calling SignInInteractivelyAsync this will show the account picker.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0008] INFO SetAuthorityUri:78 Initializing authority from URI 'https://login.microsoftonline.com/common/' without authority type, defaulting to MsSts
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO SetCorrelationId:259 Set correlation ID: 83671043-86e7-44d1-bc8e-aef396d4586a
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO ExecuteInteractiveRequest:1191 The original authority is 'https://login.microsoftonline.com/common'
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] WARNING TryNormalizeRealm:2471 No HomeAccountId provided to normalize the realm
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO ExecuteInteractiveRequest:1202 The normalized realm is ''
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO ModifyAndValidateAuthParameters:200 Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO ModifyAndValidateAuthParameters:200 Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] INFO ModifyAndValidateAuthParameters:223 Authority Realm: common
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0009] WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1084 MsaDeviceOperationProvider is not available. Not attempting to register the device.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0003] WARNING ReturnResponseDueToMissingParameter:716 Attempted to read cache with a non-normalized realm, access token and ID token reads will fail
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0003] WARNING ReturnResponseDueToMissingParameter:742 Missing Required parameters, but found no account to return.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0003] WARNING ReadAccountById:273 Account id is empty - account not found
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0003] INFO GetCurrentWindowHandleForUIFlow:495 Specified brokerWindowHandle is valid.
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] ERROR ErrorInternalImpl:134 Created an error: 55xnl, StatusInternal::Unexpected, InternalEvent::None, Error Code -2147023584, Context 'Unexpected exception while waiting for accounts control to finish: '(pii)''
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:456 Printing Telemetry for Correlation ID: 83671043-86e7-44d1-bc8e-aef396d4586a
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: start_time, Value: 2025-12-31T21:14:04.000Z
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: api_name, Value: SignInInteractively
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: authority_type, Value: Unknown
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: api_status_code, Value: StatusInternal::Unexpected
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: client_id, Value: 14d82eec-204b-4c2f-b7e8-296a70dab67e
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: correlation_id, Value: 83671043-86e7-44d1-bc8e-aef396d4586a
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: broker_app_used, Value: true
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: stop_time, Value: 2025-12-31T21:14:04.000Z
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: all_error_tags, Value: 55xnl
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: msalruntime_version, Value: 0.19.4
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: original_authority, Value: https://login.microsoftonline.com/common
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: additional_query_parameters_count, Value: 2
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: read_token_last_error, Value: missing required parameter
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: request_eligible_for_broker, Value: true
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: auth_flow, Value: Broker
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: ui_event_count, Value: 1
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: authorization_type, Value: Interactive
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: api_error_code, Value: -2147023584
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: api_error_tag, Value: 55xnl
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: api_error_context, Value: Unexpected exception while waiting for accounts control to finish: '(pii)'
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: is_successful, Value: false
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:464 Key: request_duration, Value: 24
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:469 Printing Execution Flow:
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [MSAL:0010] INFO LogTelemetryData:477 {"t":"646u1","tid":9,"ts":0,"l":2},{"t":"4s7ub","tid":9,"ts":1,"l":2},{"t":"4sufd","tid":9,"ts":1,"s":2,"l":2},{"t":"4swgg","tid":9,"ts":1,"s":3,"l":2},{"t":"4swgf","tid":9,"ts":1,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":1,"s":3,"l":2},{"t":"8dqim","tid":3,"ts":1,"l":2},{"t":"8dqkl","tid":3,"ts":1,"l":2,"a":9,"ie":0},{"t":"4ly8o","tid":3,"ts":1,"l":2},{"t":"54uxd","tid":9,"ts":3,"l":2},{"t":"8dqkn","tid":10,"ts":20,"l":2,"a":5,"ie":1},{"t":"8dqko","tid":10,"ts":20,"l":2,"a":9,"ie":1},{"t":"646u1","tid":10,"ts":20,"l":2}
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [RuntimeBroker] Could not sign in interactively. Status: Unexpected
Error: 0xffffffff80070520
Context: Unexpected exception while waiting for accounts control to finish: '(pii)'
Tag: 0x1f7d734b
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z] [RuntimeBroker] Processing WAM exception
DEBUG: False MSAL 4.78.0.0 MSAL.CoreCLR .NET 9.0.10 Microsoft Windows 10.0.26200 [2025-12-31 21:14:04Z - 83671043-86e7-44d1-bc8e-aef396d4586a] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: unknown_broker_error
HTTP StatusCode 0
CorrelationId 83671043-86e7-44d1-bc8e-aef396d4586a
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.SignInInteractivelyAsync(AuthenticationRequestParameters authenticationRequestParameters)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.AcquireTokenInteractiveAsync(AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed:
---> Microsoft.Identity.Client.MsalServiceException (0x80131500): Unknown Status: Unexpected
Error: 0xffffffff80070520
Context: Unexpected exception while waiting for accounts control to finish: '(pii)'
Tag: 0x1f7d734b (error code -2147023584) (internal error code 528315211)
Connect-MgGraph: InteractiveBrowserCredential authentication failed:

</details>


### Configuration

Windows 11 25H2 Enterprise x64

<img width="432" height="205" alt="Image" src="https://github.com/user-attachments/assets/c77ee9bb-909d-48f2-a1ff-913ddc99d3f7" />

### Other information

_No response_