Late to the party but for other having the same problem. For me the following worked:

I changed my code from this:

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

to this:

// Add services to the container.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(options =>
    {
        builder.Configuration.Bind("AzureAd", options);
        
        // Configure events for SignalR
        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                // Check if the request is for SignalR and has a query string token
                if (context.Request.Path.StartsWithSegments("/syncProgressHub") &&
                    context.Request.Query.ContainsKey("access_token"))
                {
                    // Read the access token from the query string
                    context.Token = context.Request.Query["access_token"];
                }
                return Task.CompletedTask;
            }
        };
    }, 
    options => builder.Configuration.Bind("AzureAd", options));