XSS filter breaks submission of token for ADAL authentication in Internet Explorer 11

After you apply security update 3065822 or a later cumulative update for Internet Explorer 11, the cross-site-scripting (XSS) filter may prevent submission of token content that's required in order to perform Active Directory Authentication Library (ADAL) authentication. For example, users may report the display of a hash ("#") symbol on the webpage when they try to access Office 365.
To fix this issue, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. Additionally, see the technical information about the most recent cumulative security update for Internet Explorer.

Note This update was first included in the MS16-023: Security update for Internet Explorer: March 8, 2016.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 3144816 - Last Review: 03/08/2016 17:31:00 - Revision: 1.0

Internet Explorer 11

  • kbqfe kbsurveynew kbfix kbexpertiseinter KB3144816