"Unable to fetch User Info" when authenticating against Azure AD

I have managed to wrangle my Active Directory team into adding the necessary permissions to allow Rancher to authenticate to Azure AD, and for roughly 8 hours I was able to assign users to projects and/or explicitly allow specific users/groups to log on.

However, something silently changed on the AD side, and now, while I can still log in (if I let any authenticatable user log in), I can no longer see groups, assign users to projects, etc. I get messages similar to the following:

I am trying to debug this by looking at the Rancher logs, but I can't find anything conclusive. Where can I start looking to debug this problem?

-Thom