While developing an Azure web app that uses Azure AD integration, I ran into a mysterious redirect loop, first on my wife's phone while trying to show it off (embarrassing!) and then again at work. Turns out that if you don't specify https, the Microsoft sign-in page keeps redirecting back to the app and vice-versa. Took me a little while to figure this out, thanks to tugberkugurlu for finding the solution! An IIS URL Rewrite rule to force https solved the problem immediately.