Microsoft Azure Active Directory uses open industry standard protocols such as OAuth2 and OpenID Connect. The OAuth2 working group recently released a draft of the best practices on how to secure applications using OAuth2 and OpenID Connect. In this document there are proposed changes to how the OAuth2 working group recommends authenticating users in JavaScript Single Page Applications (SPA). Customers using Azure Active Directory are asking us if this impacts their current SPA implementations and if there is any reason for concern.