Yes, we have opened a case, and after checking, the issue was resolved by disabling the sdp certificate. The certificate was generated using the FW CA, but we did not get the reason for what was wrong with the certificate.
This issue usually happens when there is a mismatch in the IdP or SP URL addresses between the FortiGate and the Microsoft Azure Single Sign-On page. Can you please verify that information and refer to this document for more detail: