diff --git a/8.0/BlazorWebAppOidc/BlazorWebAppOidc/Program.cs b/8.0/BlazorWebAppOidc/BlazorWebAppOidc/Program.cs
index 61d4f7e8..efe50f54 100644
--- a/8.0/BlazorWebAppOidc/BlazorWebAppOidc/Program.cs
+++ b/8.0/BlazorWebAppOidc/BlazorWebAppOidc/Program.cs
@@ -107,13 +107,13 @@
         // Set MapInboundClaims to "false" to obtain the original claim types from 
         // the token. Many OIDC servers use "name" and "role" (singular) rather 
         // than the SOAP/WS-Fed defaults in ClaimTypes. The following code uses 
-        // "name" and "roles" (plural) to match Entra ID for the name and role 
+        // "name" and "appRoles" to match Entra ID for the name and role 
         // claim types. Adjust these values if your identity provider uses 
         // different claim types.
 
         oidcOptions.MapInboundClaims = false;
         oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
-        oidcOptions.TokenValidationParameters.RoleClaimType = "roles";
+        oidcOptions.TokenValidationParameters.RoleClaimType = "appRoles";
         // ........................................................................
 
         // ........................................................................
diff --git a/8.0/BlazorWebAppOidcBff/BlazorWebAppOidc/Program.cs b/8.0/BlazorWebAppOidcBff/BlazorWebAppOidc/Program.cs
index 73fe04ea..013ecb7b 100644
--- a/8.0/BlazorWebAppOidcBff/BlazorWebAppOidc/Program.cs
+++ b/8.0/BlazorWebAppOidcBff/BlazorWebAppOidc/Program.cs
@@ -124,13 +124,13 @@
         // Set MapInboundClaims to "false" to obtain the original claim types from 
         // the token. Many OIDC servers use "name" and "role" (singular) rather 
         // than the SOAP/WS-Fed defaults in ClaimTypes. The following code uses 
-        // "name" and "roles" (plural) to match Entra ID for the name and role 
+        // "name" and "appRoles" to match Entra ID for the name and role 
         // claim types. Adjust these values if your identity provider uses 
         // different claim types.
 
         oidcOptions.MapInboundClaims = false;
         oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
-        oidcOptions.TokenValidationParameters.RoleClaimType = "roles";
+        oidcOptions.TokenValidationParameters.RoleClaimType = "appRoles";
         // ........................................................................
 
         // ........................................................................