And you all made sure that the callback URL as defined when setting up the account is the same as the one you have provided in your app registration in Azure? From the screenshot it is hard to see what the callback URL was.
We had a similar issue to this ourselves and the ultimate cause was by a SameSite Cookie being set to strict.
Mendix support suggested that ...

SameSite=Strict: those cookies will not be sent when cross-site redirection happens, which results in a null session in the Java action during the OAuth flow. Lax will allow the browser to send session-related cookies even when cross-site redirection occurs (only when the user is navigating to the origin). SameSite attribute value as Strict to prevent CSRF attacks. However, setting it to Lax will still prevent CSRF (to some extent).
We had a subsequent issue where our Azure username and email address differed, e.g. firstname.lastname@example.org and email@example.com.
When the OAuth authentication receives the payload, it takes the email address and overwrites EmailSettings.UserName. Then, when trying to send a test email, it will use the email address as the user name. (There are 2 options to fix this: change the Azure email address to the username, or hack the EmailTemplates module to set it appropriately.)
As Ronald mentioned within the comments, this initially caught us before this issue.
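The SameSite behaviour described in the answer above, as an added example that is not part of the original post: a simplified model of the browser's SameSite rule, run against the cross-site redirect from the identity provider back to the app's callback URL. Hostnames and the cookie name are constructed placeholders, not Mendix or Azure values.

```javascript
// Added example: simplified model of the browser's SameSite cookie rule, used to
// show why a session cookie set with SameSite=Strict is missing when the identity
// provider redirects back to the OAuth callback, while SameSite=Lax still sends it.
// Registrable-domain comparison is simplified to an exact host match.
function isSameSite(initiatorHost, targetHost) {
  return initiatorHost === targetHost;
}

// Returns true when the browser would attach `cookie` to `request`.
// request: { initiatorHost, targetHost, method, topLevel }
function cookieSent(cookie, request) {
  if (isSameSite(request.initiatorHost, request.targetHost)) return true;
  switch (cookie.sameSite) {
    case 'Strict':
      return false;                          // never sent on cross-site requests
    case 'Lax':
      // Only top-level navigations using a safe method. Going beyond the post:
      // a callback delivered as a cross-site POST (e.g. response_mode=form_post)
      // also loses a Lax cookie.
      return request.topLevel && request.method === 'GET';
    case 'None':
      return cookie.secure === true;         // browsers require Secure with None
    default:
      return request.topLevel && request.method === 'GET'; // unspecified: Chromium treats as Lax
  }
}

// Simulates the OAuth return leg: the app previously set its session cookie, the
// user was sent to the identity provider, and the provider redirects to the callback.
function sessionPresentAtCallback(sameSite, method = 'GET') {
  const sessionCookie = { name: 'app_session', sameSite, secure: true }; // constructed name
  const callbackRequest = {
    initiatorHost: 'login.idp.example',      // constructed identity-provider host
    targetHost: 'app.example',               // constructed application host
    method,
    topLevel: true,                          // a redirect is a top-level navigation
  };
  return cookieSent(sessionCookie, callbackRequest);
}

console.log('Strict         :', sessionPresentAtCallback('Strict'));        // false (null session)
console.log('Lax            :', sessionPresentAtCallback('Lax'));           // true
console.log('Lax + form_post:', sessionPresentAtCallback('Lax', 'POST'));   // false
```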