We have an EntraID (formerly Azure) account containing multiple enterprise applications, configurable for SAML under the Single sign-on menu option. Unfortunately, unlike Okta, the Issuer for all applications (referred to as Microsoft Entra Identifier) is the same, such as https://sts.windows.net/<TenantIdGUID> (as documented in EntraID's Single Sign-Out SAML Protocol). This uniformity poses challenges in identifying the specific application during callbacks.
Fortunately, we discovered an advanced option called Append application ID to issuer (detailed in Advanced SAML claims options). This feature promises to ensure the uniqueness of the required identifier by appending the application ID to the existing issuer. However, for reasons unknown, this functionality only applies to responses to login (authentication) requests and not to logout requests (as observed below).
Do you have any insights into why this might be the case? Or some alternate solution?
Login response sketch: issuer is https://sts.windows.net/<TenantIdGUID>/<Application ID>.
```xml
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
          ID="_debb339a-62e0-40b6-ab56-a2a070062e8b"
          Version="2.0" IssueInstant="2024-03-04T12:39:15.289Z"
          Destination="https://192.168.14.2:8081/api/2/saml/callback"
          InResponseTo="_a322b047-9b5c-47f3-a5f2-18dcbde5e93c">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/<TenantIdGUID>/<Application ID></Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> ... </Signature>
  <Status xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <StatusCode xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"></StatusCode>
  </Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d0711e3a-2ad4-4640-b19b-d5a928f5d601" IssueInstant="2024-03-04T12:39:15.286Z" Version="2.0">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/<TenantIdGUID>/<Application ID></Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> ... </Signature>
    <Subject xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> ... </Subject>
    <Conditions xmlns="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2024-03-04T12:34:15.184Z" NotOnOrAfter="2024-03-04T13:39:15.184Z"> ... </Conditions>
    <AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> ... </AttributeStatement>
    <AuthnStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AuthnInstant="2024-03-04T12:39:15.259Z" SessionIndex="_d0711e3a-2ad4-4640-b19b-d5a928f5d601"> ... </AuthnStatement>
  </Assertion>
</Response>
```
Logout response sketch: issuer is only https://sts.windows.net/<TenantIdGUID>/.
```xml
<LogoutResponse xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                ID="_8c2f2037-e315-4a9e-bda7-ab5980eb7ab5"
                Version="2.0"
                IssueInstant="2024-03-04T12:39:17.642Z"
                Destination="https://192.168.14.2:8081/api/2/saml/logout"
                InResponseTo="_416b6da8-be86-4797-a8f7-d3f3c804ce34">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/<TenantIdGUID>/</Issuer>
  <Status xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <StatusCode xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"></StatusCode>
  </Status>
</LogoutResponse>
```
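One SP-side way to cope with the two issuer shapes shown above, as an added example and not code from the question or from Microsoft: use the application ID suffix when the issuer carries one (the login case), and otherwise correlate the response's InResponseTo with the request the SP itself generated (the logout case), rejecting anything that matches neither. The tenant ID, application IDs and request IDs are constructed placeholders; signature verification is assumed to have already passed.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder values; a real deployment uses its own tenant and app IDs.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
ISSUER_BASE = f"https://sts.windows.net/{TENANT_ID}/"
APPS = {"11111111-1111-1111-1111-111111111111": "app-one",
        "22222222-2222-2222-2222-222222222222": "app-two"}


def resolve_app(xml_text: str, pending: dict, apps: dict = APPS) -> str:
    """Return the SP application an Entra SAML response belongs to.

    `pending` maps request IDs the SP generated (AuthnRequest / LogoutRequest)
    to the application they were issued for. Signature verification is assumed
    to have succeeded before this function is called.
    """
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{SAMLP}}}Response", f"{{{SAMLP}}}LogoutResponse"):
        raise ValueError(f"unexpected root element {root.tag}")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    if not issuer.startswith(ISSUER_BASE):
        raise ValueError(f"issuer {issuer!r} is not our tenant")
    app_id = issuer[len(ISSUER_BASE):].strip("/")
    if app_id:
        # Login response with "Append application ID to issuer": the suffix decides.
        if app_id not in apps:
            raise ValueError(f"unknown application ID {app_id}")
        return apps[app_id]
    # Bare tenant issuer (the logout case): correlate InResponseTo with the
    # request the SP generated. Consuming the entry makes each response usable once.
    req_id = root.get("InResponseTo")
    if req_id is None or req_id not in pending:
        raise ValueError("response cannot be correlated to a pending request")
    return pending.pop(req_id)


# Constructed minimal responses mirroring the two shapes in the question.
LOGIN = f'''<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1"
  Version="2.0" InResponseTo="_authn1"><saml:Issuer>{ISSUER_BASE}22222222-2222-2222-2222-222222222222</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:Response>'''
LOGOUT = f'''<samlp:LogoutResponse xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r2"
  Version="2.0" InResponseTo="_logout1"><saml:Issuer>{ISSUER_BASE}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:LogoutResponse>'''

if __name__ == "__main__":
    pending = {"_authn1": "app-two", "_logout1": "app-two"}
    print(resolve_app(LOGIN, pending))   # app-two, from the issuer suffix
    print(resolve_app(LOGOUT, pending))  # app-two, from InResponseTo
```

The correlation table must be keyed by the request ID the SP generated per application, so an unsolicited LogoutResponse with a bare tenant issuer is rejected rather than guessed at.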