AOS loads AAD signing certificates during startup and doesn't refresh them afterwards. As a result, AOS stops trusting any authentication tokens when AAD switches to signing certificates that were not known when AOS started, and no users can login to AX.
This issue can be worked around by restarting all the AOS instances.
AOS binary update adds a process that regularly refreshes the list of trusted AAD certificates.
ID do Artigo: 4011809 - Última Revisão: 31/01/2017 - Revisão: 1