When in configupdate you select SAML as the authentication method and point it to the metadata URL for Azure AD you get this error:
[Fatal Error] :1:1: Content is not allowed in prolog. Error saving configuration Authentication Method: 'Load on save': Unable to load SAML 2.0 metadata from the IDP: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
If you ignore the error it will still work since OSP is able to load and parse the metadata.
The error message is probably because Microsoft uses as Byte Order Mark (BOM) (<U+FEFF>) before the prolog in the metadata.
It would be great if configupdate could made tolerant of such metadata formats, i.e. UTF-8 with a BOM.