Currently, F5 Distributed Cloud requires manual management of JWKS for JWT validation. When configuring JWT validation (for example, on an HTTP Load Balancer), you must manually copy and paste the JSON Web Key Set (JWKS) into the configuration. There is no built-in feature to automatically fetch and refresh the JWKS from a remote endpoint, even though Microsoft recommends refreshing it every 24 hours: https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
This means that when your JWKS rotates (as is common with providers like Microsoft/Azure AD), you must manually update the JWKS in the F5 XC configuration to prevent JWT validation failures.
Without automated JWKS updates, future service failures are guaranteed for any website that implements JWT validation via F5 XC.
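One way to detect the drift described above before it causes validation failures is to compare the JWKS pasted into the configuration with the one the issuer currently publishes. This is an added example, not F5 or Microsoft code: the function names and the sample keys are constructed for illustration, keys are fingerprinted with the RFC 7638 thumbprint, and pushing the new JWKS into F5 XC is left out.

```python
import base64
import hashlib
import json
import urllib.request

# RFC 7638 / RFC 8037 required members per key type, used to fingerprint key material.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "OKP": ("crv", "kty", "x")}

# Constructed sample data (not real keys): what is configured vs. what the issuer publishes.
CONFIGURED = {"keys": [
    {"kty": "RSA", "kid": "kid-a", "e": "AQAB", "n": "constructed-modulus-a"},
    {"kty": "RSA", "kid": "kid-b", "e": "AQAB", "n": "constructed-modulus-b"}]}
PUBLISHED = {"keys": [
    {"kty": "RSA", "kid": "kid-b", "e": "AQAB", "n": "constructed-modulus-b"},
    {"kty": "RSA", "kid": "kid-c", "e": "AQAB", "n": "constructed-modulus-c"}]}


def fetch_jwks(url, timeout=10):
    """Download the issuer's JWKS; refuse plain HTTP so keys cannot be swapped in transit."""
    if not url.lower().startswith("https://"):
        raise ValueError("JWKS must be fetched over HTTPS")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of one JWK (base64url, no padding)."""
    members = _REQUIRED[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def jwks_drift(configured, published):
    """Report keys the configuration lacks, keys the issuer retired, and keys that changed."""
    def index(jwks):
        # Key by kid; fall back to the thumbprint when a key carries no kid.
        return {k.get("kid") or thumbprint(k): thumbprint(k) for k in jwks.get("keys", [])}
    have, want = index(configured), index(published)
    missing = sorted(kid for kid in want if kid not in have)   # tokens signed with these fail
    stale = sorted(kid for kid in have if kid not in want)     # retired by the issuer
    changed = sorted(kid for kid in have if kid in want and have[kid] != want[kid])
    return {"missing": missing, "stale": stale, "changed": changed,
            "update_needed": bool(missing or stale or changed)}


if __name__ == "__main__":
    print(json.dumps(jwks_drift(CONFIGURED, PUBLISHED), indent=2))
```

Run on a schedule with `fetch_jwks` pointed at the issuer's JWKS endpoint, a non-empty `missing` or `changed` list is the signal to update the configured JWKS.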