What is the currently working and correct way to set up an Azure Application that allows MSA signin?

Scenario: (Azure-hosted) Web App. Users should be able to sign in to my app using a Microsoft Account (i.e. @live.com, @hotmail.com, etc accounts) that has one or more Azure subscriptions. The application would then allow them to view and manage their Azure resources in specific ways through my app.

Points of confusion/frustration:

1. ADAL vs MSAL for authentication
2. Azure AD vs Azure AD B2C for the tenant hosting the application
3. Where do you register the tenant app? In the AD B2C under "App Registrations"? In a regular AD under "App Registrations (Preview)"? On the App Registration Portal (i.e. apps.dev.microsoft.com)?
4. Which of the above client ID & secret do you use in the web app (in the .config file)?

The documentation for none of these seem to cover the scenario end-to-end and most of it is completely out of sync with other developments.

I am hoping here to get some point of guidance from other developers that have actually gone through this journey themselves (rather than folks that just read the documentation). In specific, I am hoping to get answers from the Azure CXP team that monitors these questions and provides official & supported answers.

Your scenario requires access to Azure APIs, thus you have to make the logins against "regular" AAD, not B2C. You can't make your logins against MSA accounts directly as they must be members of an AAD to have access to subscriptions.

You can use either ADAL or MSAL to handle the authentication. Note you must use v2.0 endpoint for MSAL and the "v1" endpoint for ADAL. See limitations of the v2 endpoint here: https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison.

You register it under Azure portal -> Azure Active Directory -> App registrations. You can also use the preview version if you want.

You will need the application id (= client id) + a key (secret) from the app registration.