diff --git a/.semver b/.semver
index 3f0e75201..9e5aa43c9 100644
--- a/.semver
+++ b/.semver
@@ -1,5 +1,5 @@
 ---
 :major: 11
-:minor: 1
+:minor: 2
 :patch: 0
 :special: ''
diff --git a/composer.json b/composer.json
index 3a94372d7..54aab97aa 100644
--- a/composer.json
+++ b/composer.json
@@ -48,7 +48,8 @@
         "php-coveralls/php-coveralls": "^2.1",
         "league/oauth1-client": "^1.7",
         "cakephp/cakephp-codesniffer": "^4.0",
-        "web-auth/webauthn-lib": "v3.3.x-dev"
+        "web-auth/webauthn-lib": "^3.3",
+        "thenetworg/oauth2-azure": "^2.1"
     },
     "suggest": {
         "league/oauth1-client": "Provides Social Authentication with Twitter",
@@ -59,7 +60,8 @@
         "league/oauth2-linkedin": "Provides Social Authentication with LinkedIn",
         "google/recaptcha": "Provides reCAPTCHA validation for registration form",
         "robthree/twofactorauth": "Provides Google Authenticator functionality",
-        "cakephp/authorization": "Provide authorization for users"
+        "cakephp/authorization": "Provide authorization for users",
+        "thenetworg/oauth2-azure": "Provides Social Authentication with MS Azure"
     },
     "autoload": {
         "psr-4": {
@@ -94,5 +96,10 @@
         "rector": "rector process src/",
         "rector-setup": "cp composer.json composer.backup && composer require --dev rector/rector:^0.11.2 && mv composer.backup composer.json",
         "coverage-test": "phpunit --stderr --coverage-clover=clover.xml"
+    },
+    "config": {
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": false
+        }
     }
 }
diff --git a/config/users.php b/config/users.php
index 23dfeb9d1..ebb64c76e 100644
--- a/config/users.php
+++ b/config/users.php
@@ -310,6 +310,16 @@
                     'scope' => 'email openid',
                 ],
             ],
+            'azure' => [
+                'service' => 'CakeDC\Auth\Social\Service\OAuth2Service',
+                'className' => 'TheNetworg\OAuth2\Client\Provider\Azure',
+                'mapper' => 'CakeDC\Auth\Social\Mapper\Azure',
+                'options' => [
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/azure',
+                    'linkSocialUri' => Router::fullBaseUrl() . '/link-social/azure',
+                    'callbackLinkSocialUri' => Router::fullBaseUrl() . '/callback-link-social/azure',
+                ],
+            ],
         ],
     ],
 ];
diff --git a/src/Controller/Component/LoginComponent.php b/src/Controller/Component/LoginComponent.php
index 7ddbbf420..76794abd1 100644
--- a/src/Controller/Component/LoginComponent.php
+++ b/src/Controller/Component/LoginComponent.php
@@ -66,6 +66,11 @@ public function handleLogin($errorOnlyPost, $redirectFailure)
         if (!$service) {
             throw new \UnexpectedValueException('Authentication service not found in this request');
         }
+        $eventBefore = $this->getController()->dispatchEvent(Plugin::EVENT_BEFORE_LOGIN, []);
+        if (is_array($eventBefore->getResult())) {
+            return $this->getController()->redirect($eventBefore->getResult());
+        }
+
         $result = $service->getResult();
         if ($result->isValid()) {
             $user = $request->getAttribute('identity')->getOriginalData();
@@ -75,6 +80,8 @@ public function handleLogin($errorOnlyPost, $redirectFailure)
             return $this->afterIdentifyUser($user);
         }
         if ($request->is('post') || $errorOnlyPost === false) {
+            $this->getController()->dispatchEvent(Plugin::EVENT_AFTER_LOGIN_FAILURE, ['result' => $result]);
+
             return $this->handleFailure($redirectFailure);
         }
 
diff --git a/src/Plugin.php b/src/Plugin.php
index b39c99565..1a6056f78 100644
--- a/src/Plugin.php
+++ b/src/Plugin.php
@@ -29,7 +29,9 @@ class Plugin extends BasePlugin
      * @var string
      */
     protected $name = 'CakeDC/Users';
+    public const EVENT_BEFORE_LOGIN = 'Users.Authentication.beforeLogin';
     public const EVENT_AFTER_LOGIN = 'Users.Authentication.afterLogin';
+    public const EVENT_AFTER_LOGIN_FAILURE = 'Users.Authentication.afterLoginFailure';
     public const EVENT_BEFORE_LOGOUT = 'Users.Authentication.beforeLogout';
     public const EVENT_AFTER_LOGOUT = 'Users.Authentication.afterLogout';
 
diff --git a/tests/TestCase/Authenticator/SocialAuthenticatorTest.php b/tests/TestCase/Authenticator/SocialAuthenticatorTest.php
index 981f63ea2..d20ba65fc 100644
--- a/tests/TestCase/Authenticator/SocialAuthenticatorTest.php
+++ b/tests/TestCase/Authenticator/SocialAuthenticatorTest.php
@@ -26,8 +26,8 @@
 use CakeDC\Users\Exception\SocialAuthenticationException;
 use CakeDC\Users\Exception\UserNotActiveException;
 use CakeDC\Users\Model\Entity\User;
+use Laminas\Diactoros\Uri;
 use League\OAuth2\Client\Provider\FacebookUser;
-use Zend\Diactoros\Uri;
 
 /**
  * Test Case for SocialAuthenticator class
diff --git a/tests/TestCase/Controller/Traits/LinkSocialTraitTest.php b/tests/TestCase/Controller/Traits/LinkSocialTraitTest.php
index 30ed9fe7b..d5229da54 100644
--- a/tests/TestCase/Controller/Traits/LinkSocialTraitTest.php
+++ b/tests/TestCase/Controller/Traits/LinkSocialTraitTest.php
@@ -20,8 +20,8 @@
 use Cake\Http\ServerRequestFactory;
 use Cake\I18n\FrozenTime;
 use Cake\ORM\TableRegistry;
+use Laminas\Diactoros\Uri;
 use League\OAuth2\Client\Provider\FacebookUser;
-use Zend\Diactoros\Uri;
 
 class LinkSocialTraitTest extends BaseTraitTest
 {
diff --git a/tests/TestCase/Middleware/SocialAuthMiddlewareTest.php b/tests/TestCase/Middleware/SocialAuthMiddlewareTest.php
index 6bbb8e28d..c9889c527 100644
--- a/tests/TestCase/Middleware/SocialAuthMiddlewareTest.php
+++ b/tests/TestCase/Middleware/SocialAuthMiddlewareTest.php
@@ -26,9 +26,9 @@
 use CakeDC\Users\Exception\SocialAuthenticationException;
 use CakeDC\Users\Middleware\SocialAuthMiddleware;
 use Doctrine\Instantiator\Exception\UnexpectedValueException;
+use Laminas\Diactoros\Uri;
 use League\OAuth2\Client\Provider\FacebookUser;
 use TestApp\Http\TestRequestHandler;
-use Zend\Diactoros\Uri;
 
 class SocialAuthMiddlewareTest extends TestCase
 {
diff --git a/tests/TestCase/Middleware/SocialEmailMiddlewareTest.php b/tests/TestCase/Middleware/SocialEmailMiddlewareTest.php
index 3bfc954df..5232e736b 100644
--- a/tests/TestCase/Middleware/SocialEmailMiddlewareTest.php
+++ b/tests/TestCase/Middleware/SocialEmailMiddlewareTest.php
@@ -21,8 +21,8 @@
 use Cake\TestSuite\TestCase;
 use CakeDC\Auth\Social\Mapper\Facebook;
 use CakeDC\Users\Middleware\SocialEmailMiddleware;
+use Laminas\Diactoros\Uri;
 use League\OAuth2\Client\Provider\FacebookUser;
-use Zend\Diactoros\Uri;
 
 class SocialEmailMiddlewareTest extends TestCase
 {
diff --git a/tests/TestCase/Utility/UsersUrlTest.php b/tests/TestCase/Utility/UsersUrlTest.php
index 42db22eee..0e7379c70 100644
--- a/tests/TestCase/Utility/UsersUrlTest.php
+++ b/tests/TestCase/Utility/UsersUrlTest.php
@@ -17,7 +17,7 @@
 use Cake\Http\ServerRequestFactory;
 use Cake\TestSuite\TestCase;
 use CakeDC\Users\Utility\UsersUrl;
-use Zend\Diactoros\Uri;
+use Laminas\Diactoros\Uri;
 
 class UsersUrlTest extends TestCase
 {