Per [AAD document recommendation](https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#request-an-authorization-code), the state parameter is recommended for preventing CSRF
Per AAD document recommendation, the state parameter is recommended for preventing CSRF