With new V227 we adjusted the Azure login with new parameters and the possibility to retrieve users information.
Please update your HSNM to V227 and set the External custom oauth like this:
Where URL to Require the Initial Token and URL to Require the URL of the Access Token are: https://login.microsoftonline.com/commo ... v2.0/token
URL of the Redirect Server is https://login.microsoftonline.com/commo ... ate={STATE}
URL of the API that Returns the User's Data is https://graph.microsoft.com/v1.0/me
And add those Walled Garden to permet it from a Gw:
*login.microsoftonline.com*
*.msidentity.com*
*.trafficmanager.net*
*.msftauth.net*
login.live.com*
*akadns.net*
*.omegacdn.net*