A protected app pointing to portal.azure.com using Microsoft Entra authentication is not currently supported in the iframe widget. Entra requires the client_secret param be passed, but this is not configurable in the iframe.

Request is for support to be added for a secure way to achieve this auth flow without having to pass client_secret param.