If you utilize the UserPrincipalName parameter, you need not use the AzureADAuthorizationEndpointUri parameter for MFA or federated end users in environments that Generally involve it (UserPrincipalName or AzureADAuthorizationEndpointUri is needed; Alright to implement both).Utilizing this swap results in an on-screen message that contains the URL