diff --git a/build/dependencies.props b/build/dependencies.props
index 9438d4d70e..aa3c765a75 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -8,6 +8,7 @@
     <MicrosoftSourceLinkGitHubVersion>1.0.0</MicrosoftSourceLinkGitHubVersion>
     <NetStandardVersion>2.0.3</NetStandardVersion>
     <NewtonsoftVersion>13.0.3</NewtonsoftVersion>
+    <SystemDiagnosticSourceVersion>6.0.2</SystemDiagnosticSourceVersion>
     <SystemMemoryVersion>4.5.5</SystemMemoryVersion>
     <SystemSecurityCryptographyCngVersion>4.5.0</SystemSecurityCryptographyCngVersion>
     <SystemTextJson>8.0.5</SystemTextJson>
diff --git a/build/dependenciesTest.props b/build/dependenciesTest.props
index 7cc73f438b..6bcbbd9361 100644
--- a/build/dependenciesTest.props
+++ b/build/dependenciesTest.props
@@ -7,6 +7,7 @@
     <MicrosoftNETTestSdkVersion>17.11.1</MicrosoftNETTestSdkVersion>
     <NetStandardVersion>2.0.3</NetStandardVersion>
     <NewtonsoftVersion>13.0.3</NewtonsoftVersion>
+    <OpenTelemetryVersion>1.6.0</OpenTelemetryVersion>
     <SystemNetHttp>4.3.4</SystemNetHttp>
     <SystemSecurityClaimsVersion>4.3.0</SystemSecurityClaimsVersion>
     <SystemTextJson>8.0.5</SystemTextJson>
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Unshipped.txt
index cb23d777b2..7537e1ca98 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/InternalAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler._telemetryClient -> Microsoft.IdentityModel.Telemetry.ITelemetryClient
 static Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.CreateToken(string payload, Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor tokenDescriptor) -> string
 static Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.EncryptToken(byte[] innerTokenUtf8Bytes, Microsoft.IdentityModel.Tokens.EncryptingCredentials encryptingCredentials, string compressionAlgorithm, System.Collections.Generic.IDictionary<string, object> additionalHeaderClaims, string tokenType, bool includeKeyIdInHeader) -> string
 static Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.EncryptToken(byte[] innerTokenUtf8Bytes, Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor tokenDescriptor) -> string
diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.cs
index 918788932f..d01751bd4c 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.cs
@@ -10,6 +10,7 @@
 using Microsoft.IdentityModel.Abstractions;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Telemetry;
 using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages;
 
 namespace Microsoft.IdentityModel.JsonWebTokens
@@ -17,6 +18,8 @@ namespace Microsoft.IdentityModel.JsonWebTokens
     /// <remarks>This partial class contains methods and logic related to the validation of tokens.</remarks>
     public partial class JsonWebTokenHandler : TokenHandler
     {
+        internal Telemetry.ITelemetryClient _telemetryClient = new TelemetryClient();
+
         /// <summary>
         /// Returns a value that indicates if this handler can validate a <see cref="SecurityToken"/>.
         /// </summary>
@@ -511,6 +514,10 @@ await ValidateJWEAsync(jsonWebToken, validationParameters, currentConfiguration)
                     // where a new valid configuration was somehow published during validation time.
                     if (currentConfiguration != null)
                     {
+                        _telemetryClient.IncrementConfigurationRefreshRequestCounter(
+                            validationParameters.ConfigurationManager.MetadataAddress,
+                            TelemetryConstants.Protocols.Lkg);
+
                         validationParameters.ConfigurationManager.RequestRefresh();
                         validationParameters.RefreshBeforeValidation = true;
                         var lastConfig = currentConfiguration;
diff --git a/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs b/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
index fe6d70ff31..b5e6bf0eba 100644
--- a/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
+++ b/src/Microsoft.IdentityModel.Protocols/Configuration/ConfigurationManager.cs
@@ -9,6 +9,7 @@
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Protocols.Configuration;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Telemetry;
 
 namespace Microsoft.IdentityModel.Protocols
 {
@@ -45,6 +46,7 @@ public class ConfigurationManager<T> : BaseConfigurationManager, IConfigurationM
         private int _configurationRetrieverState = ConfigurationRetrieverIdle;
 
         private readonly TimeProvider _timeProvider = TimeProvider.System;
+        internal ITelemetryClient TelemetryClient = new TelemetryClient();
 
         // If a refresh is requested, then do the refresh as a blocking operation
         // not on a background thread. RequestRefresh signals that the app is explicitly
@@ -53,6 +55,7 @@ public class ConfigurationManager<T> : BaseConfigurationManager, IConfigurationM
         // refresh interval has passed.
         bool _refreshRequested;
 
+
         /// <summary>
         /// Instantiates a new <see cref="ConfigurationManager{T}"/> that manages automatic and controls refreshing on configuration data.
         /// </summary>
@@ -190,7 +193,7 @@ public virtual async Task<T> GetConfigurationAsync(CancellationToken cancel)
                 try
                 {
                     // Don't use the individual CT here, this is a shared operation that shouldn't be affected by an individual's cancellation.
-                    // The transport should have it's own timeouts, etc.
+                    // The transport should have its own timeouts, etc.
                     T configuration = await _configRetriever.GetConfigurationAsync(
                         MetadataAddress,
                         _docRetriever,
@@ -201,18 +204,29 @@ public virtual async Task<T> GetConfigurationAsync(CancellationToken cancel)
                         ConfigurationValidationResult result = _configValidator.Validate(configuration);
                         // in this case we have never had a valid configuration, so we will throw an exception if the validation fails
                         if (!result.Succeeded)
-                            throw LogHelper.LogExceptionMessage(
-                                new InvalidConfigurationException(
-                                    LogHelper.FormatInvariant(
-                                        LogMessages.IDX20810,
-                                        result.ErrorMessage)));
+                        {
+                            var ex = new InvalidConfigurationException(
+                                LogHelper.FormatInvariant(
+                                    LogMessages.IDX20810,
+                                    result.ErrorMessage));
+
+                            throw LogHelper.LogExceptionMessage(ex);
+                        }
                     }
 
+                    TelemetryClient.IncrementConfigurationRefreshRequestCounter(
+                        MetadataAddress,
+                        TelemetryConstants.Protocols.FirstRefresh);
+
                     UpdateConfiguration(configuration);
                 }
                 catch (Exception ex)
                 {
                     fetchMetadataFailure = ex;
+                    TelemetryClient.IncrementConfigurationRefreshRequestCounter(
+                        MetadataAddress,
+                        TelemetryConstants.Protocols.FirstRefresh,
+                        ex);
 
                     LogHelper.LogExceptionMessage(
                         new InvalidOperationException(
@@ -234,11 +248,22 @@ public virtual async Task<T> GetConfigurationAsync(CancellationToken cancel)
                 {
                     if (_refreshRequested)
                     {
+                        // Log as manual because RequestRefresh was called
+                        TelemetryClient.IncrementConfigurationRefreshRequestCounter(
+                            MetadataAddress,
+                            TelemetryConstants.Protocols.Manual);
+
                         UpdateCurrentConfiguration();
                         _refreshRequested = false;
                     }
                     else
+                    {
+                        TelemetryClient.IncrementConfigurationRefreshRequestCounter(
+                            MetadataAddress,
+                            TelemetryConstants.Protocols.Automatic);
+
                         _ = Task.Run(UpdateCurrentConfiguration, CancellationToken.None);
+                    }
                 }
             }
 
@@ -264,6 +289,8 @@ public virtual async Task<T> GetConfigurationAsync(CancellationToken cancel)
         private void UpdateCurrentConfiguration()
         {
 #pragma warning disable CA1031 // Do not catch general exception types
+            long startTimestamp = _timeProvider.GetTimestamp();
+
             try
             {
                 T configuration = _configRetriever.GetConfigurationAsync(
@@ -271,6 +298,11 @@ private void UpdateCurrentConfiguration()
                     _docRetriever,
                     CancellationToken.None).ConfigureAwait(false).GetAwaiter().GetResult();
 
+                var elapsedTime = _timeProvider.GetElapsedTime(startTimestamp);
+                TelemetryClient.LogConfigurationRetrievalDuration(
+                    MetadataAddress,
+                    elapsedTime);
+
                 if (_configValidator == null)
                 {
                     UpdateConfiguration(configuration);
@@ -291,6 +323,12 @@ private void UpdateCurrentConfiguration()
             }
             catch (Exception ex)
             {
+                var elapsedTime = _timeProvider.GetElapsedTime(startTimestamp);
+                TelemetryClient.LogConfigurationRetrievalDuration(
+                    MetadataAddress,
+                    elapsedTime,
+                    ex);
+
                 LogHelper.LogExceptionMessage(
                     new InvalidOperationException(
                         LogHelper.FormatInvariant(
@@ -336,7 +374,7 @@ ref Unsafe.As<DateTime, long>(ref _lastRequestRefresh),
         /// Obtains an updated version of Configuration.
         /// </summary>
         /// <param name="cancel">CancellationToken</param>
-        /// <returns>Configuration of type BaseConfiguration    .</returns>
+        /// <returns>Configuration of type BaseConfiguration.</returns>
         /// <remarks>If the time since the last call is less than <see cref="BaseConfigurationManager.AutomaticRefreshInterval"/> then <see cref="IConfigurationRetriever{T}.GetConfigurationAsync"/> is not called and the current Configuration is returned.</remarks>
         public override async Task<BaseConfiguration> GetBaseConfigurationAsync(CancellationToken cancel)
         {
@@ -353,6 +391,7 @@ public override async Task<BaseConfiguration> GetBaseConfigurationAsync(Cancella
         public override void RequestRefresh()
         {
             DateTime now = _timeProvider.GetUtcNow().UtcDateTime;
+
             if (now >= DateTimeUtil.Add(LastRequestRefresh, RefreshInterval) || _isFirstRefreshRequest)
             {
                 _isFirstRefreshRequest = false;
diff --git a/src/Microsoft.IdentityModel.Protocols/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Protocols/InternalAPI.Unshipped.txt
index e69de29bb2..98597bed68 100644
--- a/src/Microsoft.IdentityModel.Protocols/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Protocols/InternalAPI.Unshipped.txt
@@ -0,0 +1,2 @@
+Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.TelemetryClient -> Microsoft.IdentityModel.Telemetry.ITelemetryClient
+Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.TimeProvider -> System.TimeProvider
diff --git a/src/Microsoft.IdentityModel.Protocols/InternalsVisibleTo.cs b/src/Microsoft.IdentityModel.Protocols/InternalsVisibleTo.cs
new file mode 100644
index 0000000000..5e00856ea6
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Protocols/InternalsVisibleTo.cs
@@ -0,0 +1,4 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9")]
diff --git a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
index 14d2d3493a..58044612f2 100644
--- a/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
+++ b/src/Microsoft.IdentityModel.Tokens/InternalAPI.Unshipped.txt
@@ -1,3 +1,16 @@
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.ExceptionTypeTag = "ExceptionType" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.IdentityModelVersionTag = "IdentityModelVersion" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.MetadataAddressTag = "MetadataAddress" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.OperationStatusTag = "OperationStatus" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Automatic = "Automatic" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.ConfigurationInvalid = "ConfigurationInvalid" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.ConfigurationRetrievalFailed = "ConfigurationRetrievalFailed" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.FirstRefresh = "FirstRefresh" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Lkg = "LastKnownGood" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Manual = "Manual" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IdentityModelConfigurationManagerCounterDescription = "Counter capturing configuration manager operations." -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IdentityModelConfigurationManagerCounterName = "IdentityModelConfigurationManager" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TotalDurationHistogramName = "IdentityModelConfigurationRequestTotalDurationInMS" -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10002 = "IDX10002: Unknown exception type returned. Type: '{0}'. Message: '{1}'." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10268 = "IDX10268: Unable to validate audience, validationParameters.ValidAudiences.Count == 0." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10269 = "IDX10269: IssuerValidationDelegate threw an exception, see inner exception." -> string
@@ -8,7 +21,36 @@ const Microsoft.IdentityModel.Tokens.LogMessages.IDX10273 = "IDX10273: Algorithm
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10274 = "IDX10274: IssuerSigningKeyValidationDelegate threw an exception, see inner exception." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10275 = "IDX10275: TokenTypeValidationDelegate threw an exception, see inner exception." -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10276 = "IDX10276: TokenReplayValidationDelegate threw an exception, see inner exception." -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.ExceptionTypeTag = "ExceptionType" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.IdentityModelVersionTag = "IdentityModelVersion" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.MetadataAddressTag = "MetadataAddress" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.OperationStatusTag = "OperationStatus" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Automatic = "Automatic" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.ConfigurationInvalid = "ConfigurationInvalid" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.ConfigurationRetrievalFailed = "ConfigurationRetrievalFailed" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.FirstRefresh = "FirstRefresh" -> string
 const Microsoft.IdentityModel.Tokens.LogMessages.IDX10277 = "IDX10277: RequireAudience property on ValidationParameters is set to false. Exiting without validating the audience." -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Lkg = "LastKnownGood" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols.Manual = "Manual" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IdentityModelConfigurationManagerCounterDescription = "Counter capturing configuration manager operations." -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IdentityModelConfigurationManagerCounterName = "IdentityModelConfigurationManager" -> string
+const Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TotalDurationHistogramName = "IdentityModelConfigurationRequestTotalDurationInMS" -> string
+Microsoft.IdentityModel.Telemetry.ITelemetryClient
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient
+Microsoft.IdentityModel.Telemetry.TelemetryClient.ClientVer -> string
+Microsoft.IdentityModel.Telemetry.TelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.TelemetryClient() -> void
+Microsoft.IdentityModel.Telemetry.TelemetryConstants
+Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols
+Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder
+Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TelemetryDataRecorder() -> void
 Microsoft.IdentityModel.Tokens.AlgorithmValidationError
 Microsoft.IdentityModel.Tokens.AlgorithmValidationError.AlgorithmValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidAlgorithm, System.Exception innerException = null) -> void
 Microsoft.IdentityModel.Tokens.AlgorithmValidationError.InvalidAlgorithm.get -> string
@@ -37,9 +79,25 @@ Microsoft.IdentityModel.Tokens.SecurityTokenInvalidOperationException.SecurityTo
 Microsoft.IdentityModel.Tokens.SignatureValidationError
 Microsoft.IdentityModel.Tokens.SignatureValidationError.InnerValidationError.get -> Microsoft.IdentityModel.Tokens.ValidationError
 Microsoft.IdentityModel.Tokens.SignatureValidationError.SignatureValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, Microsoft.IdentityModel.Tokens.ValidationError innerValidationError = null, System.Exception innerException = null) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration) -> void
+Microsoft.IdentityModel.Telemetry.ITelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient
+Microsoft.IdentityModel.Telemetry.TelemetryClient.ClientVer -> string
+Microsoft.IdentityModel.Telemetry.TelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.LogConfigurationRetrievalDuration(string metadataAddress, System.TimeSpan operationDuration, System.Exception exception) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryClient.TelemetryClient() -> void
+Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder
+Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TelemetryDataRecorder() -> void
 Microsoft.IdentityModel.Tokens.TokenReplayValidationError
 Microsoft.IdentityModel.Tokens.TokenReplayValidationError.ExpirationTime.get -> System.DateTime?
 Microsoft.IdentityModel.Tokens.TokenReplayValidationError.TokenReplayValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, System.DateTime? expirationTime, System.Exception innerException = null) -> void
+Microsoft.IdentityModel.Telemetry.TelemetryConstants
+Microsoft.IdentityModel.Telemetry.TelemetryConstants.Protocols
 Microsoft.IdentityModel.Tokens.TokenTypeValidationError
 Microsoft.IdentityModel.Tokens.TokenTypeValidationError.InvalidTokenType.get -> string
 Microsoft.IdentityModel.Tokens.TokenTypeValidationError.TokenTypeValidationError(Microsoft.IdentityModel.Tokens.MessageDetail messageDetail, Microsoft.IdentityModel.Tokens.ValidationFailureType validationFailureType, System.Type exceptionType, System.Diagnostics.StackFrame stackFrame, string invalidTokenType, System.Exception innerException = null) -> void
@@ -61,15 +119,23 @@ override Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.GetExcep
 override Microsoft.IdentityModel.Tokens.SignatureValidationError.GetException() -> System.Exception
 override Microsoft.IdentityModel.Tokens.TokenReplayValidationError.GetException() -> System.Exception
 override Microsoft.IdentityModel.Tokens.TokenTypeValidationError.GetException() -> System.Exception
+static Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IncrementConfigurationRefreshRequestCounter(in System.Diagnostics.TagList tagList) -> void
+static Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.RecordConfigurationRetrievalDurationHistogram(long requestDurationInMs, in System.Diagnostics.TagList tagList) -> void
 static Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError.NullParameter(string parameterName, System.Diagnostics.StackFrame stackFrame) -> Microsoft.IdentityModel.Tokens.IssuerSigningKeyValidationError
 static Microsoft.IdentityModel.Tokens.SignatureValidationError.NullParameter(string parameterName, System.Diagnostics.StackFrame stackFrame) -> Microsoft.IdentityModel.Tokens.SignatureValidationError
+static Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.IncrementConfigurationRefreshRequestCounter(in System.Diagnostics.TagList tagList) -> void
+static Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.RecordConfigurationRetrievalDurationHistogram(long requestDurationInMs, in System.Diagnostics.TagList tagList) -> void
 static Microsoft.IdentityModel.Tokens.TokenReplayValidationError.NullParameter(string parameterName, System.Diagnostics.StackFrame stackFrame) -> Microsoft.IdentityModel.Tokens.TokenReplayValidationError
 static Microsoft.IdentityModel.Tokens.TokenTypeValidationError.NullParameter(string parameterName, System.Diagnostics.StackFrame stackFrame) -> Microsoft.IdentityModel.Tokens.TokenTypeValidationError
 static Microsoft.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.ReadOnlySpan<char> strSpan, System.Span<byte> output) -> int
 static Microsoft.IdentityModel.Tokens.Utility.SerializeAsSingleCommaDelimitedString(System.Collections.Generic.IList<string> strings) -> string
 static Microsoft.IdentityModel.Tokens.ValidationError.GetCurrentStackFrame(string filePath = "", int lineNumber = 0, int skipFrames = 1) -> System.Diagnostics.StackFrame
+static readonly Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.ConfigurationManagerCounter -> System.Diagnostics.Metrics.Counter<long>
+static readonly Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TotalDurationHistogram -> System.Diagnostics.Metrics.Histogram<long>
 static readonly Microsoft.IdentityModel.Tokens.LoggingEventId.TokenValidationFailed -> Microsoft.Extensions.Logging.EventId
 static readonly Microsoft.IdentityModel.Tokens.LoggingEventId.TokenValidationSucceeded -> Microsoft.Extensions.Logging.EventId
+static readonly Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.ConfigurationManagerCounter -> System.Diagnostics.Metrics.Counter<long>
+static readonly Microsoft.IdentityModel.Telemetry.TelemetryDataRecorder.TotalDurationHistogram -> System.Diagnostics.Metrics.Histogram<long>
 static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.AlgorithmValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType
 static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.AudienceValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType
 static readonly Microsoft.IdentityModel.Tokens.ValidationFailureType.IssuerSigningKeyValidatorThrew -> Microsoft.IdentityModel.Tokens.ValidationFailureType
diff --git a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
index b342d4f1f2..25eb2bbc34 100644
--- a/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
+++ b/src/Microsoft.IdentityModel.Tokens/Microsoft.IdentityModel.Tokens.csproj
@@ -53,6 +53,10 @@
     <PackageReference Include="System.Memory" Version="$(SystemMemoryVersion)" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFrameworkIdentifier)' == '.NETFramework' or '$(TargetFramework)' == 'netstandard2.0' ">
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Version="$(SystemDiagnosticSourceVersion)" />
+  </ItemGroup>
+
   <ItemGroup Condition="'$(TargetFrameworkIdentifier)' != '.NETCoreApp'">
     <PackageReference Include="System.Text.Json" Version="$(SystemTextJson)" />
   </ItemGroup>
diff --git a/src/Microsoft.IdentityModel.Tokens/Telemetry/ITelemetryClient.cs b/src/Microsoft.IdentityModel.Tokens/Telemetry/ITelemetryClient.cs
new file mode 100644
index 0000000000..656fb6bdf5
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens/Telemetry/ITelemetryClient.cs
@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+
+namespace Microsoft.IdentityModel.Telemetry
+{
+    internal interface ITelemetryClient
+    {
+        internal void LogConfigurationRetrievalDuration(
+            string metadataAddress,
+            TimeSpan operationDuration);
+
+        internal void LogConfigurationRetrievalDuration(
+            string metadataAddress,
+            TimeSpan operationDuration,
+            Exception exception);
+
+        internal void IncrementConfigurationRefreshRequestCounter(
+            string metadataAddress,
+            string operationStatus);
+
+        internal void IncrementConfigurationRefreshRequestCounter(
+            string metadataAddress,
+            string operationStatus,
+            Exception exception);
+    }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryClient.cs b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryClient.cs
new file mode 100644
index 0000000000..20cbfcf15b
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryClient.cs
@@ -0,0 +1,67 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Diagnostics;
+using Microsoft.IdentityModel.Logging;
+
+namespace Microsoft.IdentityModel.Telemetry
+{
+    /// <summary>
+    /// Prepares <see cref="TagList"/>s using the provided data and sends them to <see cref="TelemetryDataRecorder"/> for recording.
+    /// </summary>
+    internal class TelemetryClient : ITelemetryClient
+    {
+        public string ClientVer = IdentityModelTelemetryUtil.ClientVer;
+
+        public void IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus)
+        {
+            var tagList = new TagList()
+            {
+                { TelemetryConstants.IdentityModelVersionTag, ClientVer },
+                { TelemetryConstants.MetadataAddressTag, metadataAddress },
+                { TelemetryConstants.OperationStatusTag, operationStatus }
+            };
+
+            TelemetryDataRecorder.IncrementConfigurationRefreshRequestCounter(tagList);
+        }
+
+        public void IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, Exception exception)
+        {
+            var tagList = new TagList()
+            {
+                { TelemetryConstants.IdentityModelVersionTag, ClientVer },
+                { TelemetryConstants.MetadataAddressTag, metadataAddress },
+                { TelemetryConstants.OperationStatusTag, operationStatus },
+                { TelemetryConstants.ExceptionTypeTag, exception.GetType().ToString() }
+            };
+
+            TelemetryDataRecorder.IncrementConfigurationRefreshRequestCounter(tagList);
+        }
+
+        public void LogConfigurationRetrievalDuration(string metadataAddress, TimeSpan operationDuration)
+        {
+            var tagList = new TagList()
+            {
+                { TelemetryConstants.IdentityModelVersionTag, ClientVer },
+                { TelemetryConstants.MetadataAddressTag, metadataAddress },
+            };
+
+            long durationInMilliseconds = (long)operationDuration.TotalMilliseconds;
+            TelemetryDataRecorder.RecordConfigurationRetrievalDurationHistogram(durationInMilliseconds, tagList);
+        }
+
+        public void LogConfigurationRetrievalDuration(string metadataAddress, TimeSpan operationDuration, Exception exception)
+        {
+            var tagList = new TagList()
+            {
+                { TelemetryConstants.IdentityModelVersionTag, ClientVer },
+                { TelemetryConstants.MetadataAddressTag, metadataAddress },
+                { TelemetryConstants.ExceptionTypeTag, exception.GetType().ToString() }
+            };
+
+            long durationInMilliseconds = (long)operationDuration.TotalMilliseconds;
+            TelemetryDataRecorder.RecordConfigurationRetrievalDurationHistogram(durationInMilliseconds, tagList);
+        }
+    }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryConstants.cs b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryConstants.cs
new file mode 100644
index 0000000000..a4d9449e75
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryConstants.cs
@@ -0,0 +1,67 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Microsoft.IdentityModel.Telemetry
+{
+    internal static class TelemetryConstants
+    {
+        // Static attribute tags
+
+        /// <summary>
+        /// Telemetry tag indicating the version of the IdentityModel library.
+        /// </summary>
+        public const string IdentityModelVersionTag = "IdentityModelVersion";
+
+        /// <summary>
+        /// Telemetry tag indicating the endpoint from which a configuration is retrieved.
+        /// </summary>
+        public const string MetadataAddressTag = "MetadataAddress";
+
+        /// <summary>
+        /// Telemetry tag describing the operation being performed.
+        /// </summary>
+        public const string OperationStatusTag = "OperationStatus";
+
+        /// <summary>
+        /// Telemetry tag indicating the type of exception that occurred.
+        /// </summary>
+        public const string ExceptionTypeTag = "ExceptionType";
+
+        public static class Protocols
+        {
+            // Configuration manager refresh statuses
+
+            /// <summary>
+            /// Telemetry tag indicating configuration retrieval after the refresh interval has expired.
+            /// </summary>
+            public const string Automatic = "Automatic";
+
+            /// <summary>
+            /// Telemetry tag indicating configuration retrieval per a call to RequestRefresh.
+            /// </summary>
+            public const string Manual = "Manual";
+
+            /// <summary>
+            /// Telemetry tag indicating configuration retrieval when there is no previously cached configuration.
+            /// </summary>
+            public const string FirstRefresh = "FirstRefresh";
+
+            /// <summary>
+            /// Telemetry tag indicating configuration retrieval when the last known good configuration is needed.
+            /// </summary>
+            public const string Lkg = "LastKnownGood";
+
+            // Configuration manager exception types
+
+            /// <summary>
+            /// Telemetry tag indicating that configuration could not be sucessfully validated after retrieval.
+            /// </summary>
+            public const string ConfigurationInvalid = "ConfigurationInvalid";
+
+            /// <summary>
+            /// Telemetry tag indicating that configuration could not be retrieved successfully.
+            /// </summary>
+            public const string ConfigurationRetrievalFailed = "ConfigurationRetrievalFailed";
+        }
+    }
+}
diff --git a/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryDataRecorder.cs b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryDataRecorder.cs
new file mode 100644
index 0000000000..5023606081
--- /dev/null
+++ b/src/Microsoft.IdentityModel.Tokens/Telemetry/TelemetryDataRecorder.cs
@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Diagnostics;
+using System.Diagnostics.Metrics;
+
+namespace Microsoft.IdentityModel.Telemetry
+{
+    /// <summary>
+    /// Pushes telemetry data to the configured <see cref="Counter{T}"/> or <see cref="Histogram{T}"/>.
+    /// </summary>
+    internal class TelemetryDataRecorder
+    {
+        /// <summary>
+        /// Meter name for MicrosoftIdentityModel.
+        /// </summary>
+        private const string MeterName = "MicrosoftIdentityModel_Meter";
+
+        /// <summary>
+        /// The meter responsible for creating instruments.
+        /// </summary>
+        private static readonly Meter IdentityModelMeter = new(MeterName, "1.0.0");
+
+        internal const string TotalDurationHistogramName = "IdentityModelConfigurationRequestTotalDurationInMS";
+
+        /// <summary>
+        /// Counter to capture configuration refresh requests to ConfigurationManager.
+        /// </summary>
+        internal const string IdentityModelConfigurationManagerCounterName = "IdentityModelConfigurationManager";
+        internal const string IdentityModelConfigurationManagerCounterDescription = "Counter capturing configuration manager operations.";
+        internal static readonly Counter<long> ConfigurationManagerCounter = IdentityModelMeter.CreateCounter<long>(IdentityModelConfigurationManagerCounterName, description: IdentityModelConfigurationManagerCounterDescription);
+
+        /// <summary>
+        /// Histogram to capture total duration of configuration retrieval by ConfigurationManager in milliseconds.
+        /// </summary>
+        internal static readonly Histogram<long> TotalDurationHistogram = IdentityModelMeter.CreateHistogram<long>(
+            TotalDurationHistogramName,
+            unit: "ms",
+            description: "Configuration retrieval latency during configuration manager operations.");
+
+        internal static void RecordConfigurationRetrievalDurationHistogram(long requestDurationInMs, in TagList tagList)
+        {
+            TotalDurationHistogram.Record(requestDurationInMs, tagList);
+        }
+
+        internal static void IncrementConfigurationRefreshRequestCounter(in TagList tagList)
+        {
+            ConfigurationManagerCounter.Add(1, tagList);
+        }
+    }
+}
diff --git a/src/System.IdentityModel.Tokens.Jwt/InternalAPI.Unshipped.txt b/src/System.IdentityModel.Tokens.Jwt/InternalAPI.Unshipped.txt
index 47d5d10352..102ca896eb 100644
--- a/src/System.IdentityModel.Tokens.Jwt/InternalAPI.Unshipped.txt
+++ b/src/System.IdentityModel.Tokens.Jwt/InternalAPI.Unshipped.txt
@@ -1,2 +1,3 @@
 System.IdentityModel.Tokens.Jwt.JwtHeader.JwtHeader(Microsoft.IdentityModel.Tokens.EncryptingCredentials encryptingCredentials, System.Collections.Generic.IDictionary<string, string> outboundAlgorithmMap, string tokenType, System.Collections.Generic.IDictionary<string, object> additionalHeaderClaims, bool includeKeyIdInHeader) -> void
-System.IdentityModel.Tokens.Jwt.JwtHeader.JwtHeader(Microsoft.IdentityModel.Tokens.SigningCredentials signingCredentials, System.Collections.Generic.IDictionary<string, string> outboundAlgorithmMap, string tokenType, System.Collections.Generic.IDictionary<string, object> additionalInnerHeaderClaims, bool includeKeyIdInHeader) -> void
\ No newline at end of file
+System.IdentityModel.Tokens.Jwt.JwtHeader.JwtHeader(Microsoft.IdentityModel.Tokens.SigningCredentials signingCredentials, System.Collections.Generic.IDictionary<string, string> outboundAlgorithmMap, string tokenType, System.Collections.Generic.IDictionary<string, object> additionalInnerHeaderClaims, bool includeKeyIdInHeader) -> void
+System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.TelemetryClient -> Microsoft.IdentityModel.Telemetry.ITelemetryClient
diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
index f108b9dbf5..9c52fef4aa 100644
--- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
+++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
@@ -15,6 +15,7 @@
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Telemetry;
 using TokenLogMessages = Microsoft.IdentityModel.Tokens.LogMessages;
 
 namespace System.IdentityModel.Tokens.Jwt
@@ -36,6 +37,8 @@ public class JwtSecurityTokenHandler : SecurityTokenHandler
         private static string _shortClaimType = _namespace + "/ShortTypeName";
         private bool _mapInboundClaims = DefaultMapInboundClaims;
 
+        internal Microsoft.IdentityModel.Telemetry.ITelemetryClient TelemetryClient = new TelemetryClient();
+
         /// <summary>
         /// Default claim type mapping for inbound claims.
         /// </summary>
@@ -887,6 +890,10 @@ private ClaimsPrincipal ValidateToken(string token, JwtSecurityToken outerToken,
                     // where a new valid configuration was somehow published during validation time.
                     if (currentConfiguration != null)
                     {
+                        TelemetryClient.IncrementConfigurationRefreshRequestCounter(
+                            validationParameters.ConfigurationManager.MetadataAddress,
+                            TelemetryConstants.Protocols.Lkg);
+
                         validationParameters.ConfigurationManager.RequestRefresh();
                         validationParameters.RefreshBeforeValidation = true;
                         var lastConfig = currentConfiguration;
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTelemetryTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTelemetryTests.cs
new file mode 100644
index 0000000000..e63b48e9fb
--- /dev/null
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenHandlerTelemetryTests.cs
@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.TestUtils;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Telemetry;
+using Microsoft.IdentityModel.Telemetry.Tests;
+using Microsoft.IdentityModel.Validators;
+using Xunit;
+
+namespace Microsoft.IdentityModel.JsonWebTokens.Tests
+{
+    public class JsonWebTokenHandlerTelemetryTests
+    {
+        [Fact]
+        public async Task ValidateJwsWithConfigAsync_ExpectedTagsExist()
+        {
+            var invalidIssuerConfig = new OpenIdConnectConfiguration()
+            {
+                TokenEndpoint = Default.Issuer + "oauth/token",
+                Issuer = Default.Issuer + "2"
+            };
+            invalidIssuerConfig.SigningKeys.Add(KeyingMaterial.DefaultX509Key_2048);
+
+            var validationParameters = new TokenValidationParameters
+            {
+                ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(invalidIssuerConfig),
+                ValidateIssuerSigningKey = true,
+                RequireSignedTokens = true,
+                ValidateIssuer = true,
+                ValidateAudience = false,
+                ValidateLifetime = false
+            };
+
+            var testTelemetryClient = new MockTelemetryClient();
+            try
+            {
+                var handler = new JsonWebTokenHandler()
+                {
+                    _telemetryClient = testTelemetryClient
+                };
+                var jwt = handler.ReadJsonWebToken(Default.AsymmetricJws);
+                AadIssuerValidator.GetAadIssuerValidator(Default.AadV1Authority).ConfigurationManagerV1 = validationParameters.ConfigurationManager;
+                var validationResult = await handler.ValidateTokenAsync(jwt, validationParameters);
+                var rawTokenValidationResult = await handler.ValidateTokenAsync(Default.AsymmetricJws, validationParameters);
+            }
+            catch (Exception)
+            {
+                // ignore exceptions
+            }
+
+            var expectedCounterTagList = new Dictionary<string, object>
+            {
+                // metadata address is null because the configuration manager is made using an invalid config to trigger an exception
+                { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                { TelemetryConstants.MetadataAddressTag, null },
+                { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.Lkg }
+            };
+
+            Assert.Equal(expectedCounterTagList, testTelemetryClient.ExportedItems);
+        }
+    }
+}
diff --git a/test/Microsoft.IdentityModel.Logging.Tests/Microsoft.IdentityModel.Logging.Tests.csproj b/test/Microsoft.IdentityModel.Logging.Tests/Microsoft.IdentityModel.Logging.Tests.csproj
index 0d29cd28cd..6ed8578f22 100644
--- a/test/Microsoft.IdentityModel.Logging.Tests/Microsoft.IdentityModel.Logging.Tests.csproj
+++ b/test/Microsoft.IdentityModel.Logging.Tests/Microsoft.IdentityModel.Logging.Tests.csproj
@@ -23,6 +23,8 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="OpenTelemetry.Exporter.Console" Version="$(OpenTelemetryVersion)"/>
+    <PackageReference Include="OpenTelemetry.Exporter.InMemory" Version="$(OpenTelemetryVersion)"/>
     <PackageReference Include="System.Net.Http" Version="$(SystemNetHttp)"/>
   </ItemGroup>
 
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTelemetryTests.cs b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTelemetryTests.cs
new file mode 100644
index 0000000000..583781a2d8
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/ConfigurationManagerTelemetryTests.cs
@@ -0,0 +1,167 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Protocols.Configuration;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect.Configuration;
+using Microsoft.IdentityModel.TestUtils;
+using Microsoft.IdentityModel.Telemetry;
+using Microsoft.IdentityModel.Telemetry.Tests;
+using Xunit;
+
+namespace Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests
+{
+    public class ConfigurationManagerTelemetryTests
+    {
+        [Fact]
+        public async Task RequestRefresh_ExpectedTagsExist()
+        {
+            // arrange
+            var testTelemetryClient = new MockTelemetryClient();
+            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+                OpenIdConfigData.AccountsGoogle,
+                new OpenIdConnectConfigurationRetriever(),
+                new HttpDocumentRetriever(),
+                new OpenIdConnectConfigurationValidator())
+            {
+                TelemetryClient = testTelemetryClient
+            };
+            var cancel = new CancellationToken();
+
+            // act
+            // Retrieve the configuration for the first time
+            await configurationManager.GetConfigurationAsync(cancel);
+            testTelemetryClient.ClearExportedItems();
+
+            // Manually request a config refresh
+            configurationManager.RequestRefresh();
+            await configurationManager.GetConfigurationAsync(cancel);
+
+            // assert
+            var expectedCounterTagList = new Dictionary<string, object>
+            {
+                { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.AccountsGoogle },
+                { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.Manual },
+            };
+
+            var expectedHistogramTagList = new Dictionary<string, object>
+            {
+                { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.AccountsGoogle },
+                { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer }
+            };
+
+            Assert.Equal(expectedCounterTagList, testTelemetryClient.ExportedItems);
+            Assert.Equal(expectedHistogramTagList, testTelemetryClient.ExportedHistogramItems);
+        }
+
+        [Theory, MemberData(nameof(GetConfiguration_ExpectedTagList_TheoryData), DisableDiscoveryEnumeration = true)]
+        public async Task GetConfigurationAsync_ExpectedTagsExist(ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration> theoryData)
+        {
+            var testTelemetryClient = new MockTelemetryClient();
+
+            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+                theoryData.MetadataAddress,
+                new OpenIdConnectConfigurationRetriever(),
+                theoryData.DocumentRetriever,
+                theoryData.ConfigurationValidator)
+            {
+                TelemetryClient = testTelemetryClient
+            };
+
+            try
+            {
+                await configurationManager.GetConfigurationAsync();
+                if (theoryData.SyncAfter != null)
+                {
+                    testTelemetryClient.ClearExportedItems();
+                    TestUtilities.SetField(configurationManager, "_syncAfter", theoryData.SyncAfter);
+                    await configurationManager.GetConfigurationAsync();
+                }
+
+            }
+            catch (Exception)
+            {
+                // Ignore exceptions
+            }
+
+            Assert.Equal(theoryData.ExpectedTagList, testTelemetryClient.ExportedItems);
+        }
+
+        public static TheoryData<ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>> GetConfiguration_ExpectedTagList_TheoryData()
+        {
+            return new TheoryData<ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>>
+            {
+                new ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>("Success-retrieve from endpoint")
+                {
+                    MetadataAddress = OpenIdConfigData.AccountsGoogle,
+                    ConfigurationValidator = new OpenIdConnectConfigurationValidator(),
+                    ExpectedTagList = new Dictionary<string, object>
+                    {
+                        { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.AccountsGoogle },
+                        { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                        { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.FirstRefresh },
+                    }
+                },
+                new ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>("Failure-invalid metadata address")
+                {
+                    MetadataAddress = OpenIdConfigData.HttpsBadUri,
+                    ConfigurationValidator = new OpenIdConnectConfigurationValidator(),
+                    ExpectedTagList = new Dictionary<string, object>
+                    {
+                        { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.HttpsBadUri },
+                        { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                        { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.FirstRefresh },
+                        { TelemetryConstants.ExceptionTypeTag, new IOException().GetType().ToString() },
+                    }
+                },
+                new ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>("Failure-invalid config")
+                {
+                    MetadataAddress = OpenIdConfigData.JsonFile,
+                    DocumentRetriever = new FileDocumentRetriever(),
+                    // The config being loaded has two keys; require three to force invalidity
+                    ConfigurationValidator = new OpenIdConnectConfigurationValidator() { MinimumNumberOfKeys = 3 },
+                    ExpectedTagList = new Dictionary<string, object>
+                    {
+                        { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.JsonFile },
+                        { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                        { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.FirstRefresh },
+                        { TelemetryConstants.ExceptionTypeTag, new InvalidConfigurationException().GetType().ToString() },
+                    }
+                },
+                new ConfigurationManagerTelemetryTheoryData<OpenIdConnectConfiguration>("Success-refresh")
+                {
+                    MetadataAddress = OpenIdConfigData.AADCommonUrl,
+                    ConfigurationValidator = new OpenIdConnectConfigurationValidator(),
+                    SyncAfter = DateTime.UtcNow - TimeSpan.FromDays(2),
+                    ExpectedTagList = new Dictionary<string, object>
+                    {
+                        { TelemetryConstants.MetadataAddressTag, OpenIdConfigData.AADCommonUrl },
+                        { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                        { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.Automatic },
+                    }
+                },
+            };
+        }
+    }
+
+    public class ConfigurationManagerTelemetryTheoryData<T> : TheoryDataBase where T : class
+    {
+        public ConfigurationManagerTelemetryTheoryData(string testId) : base(testId) { }
+
+        public string MetadataAddress { get; set; }
+
+        public IDocumentRetriever DocumentRetriever { get; set; } = new HttpDocumentRetriever();
+
+        public IConfigurationValidator<T> ConfigurationValidator { get; set; }
+
+        public DateTime? SyncAfter { get; set; } = null;
+
+        public Dictionary<string, object> ExpectedTagList { get; set; }
+    }
+}
diff --git a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests.csproj b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests.csproj
index 8d266dc7ce..aa78636b2d 100644
--- a/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests.csproj
+++ b/test/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests/Microsoft.IdentityModel.Protocols.OpenIdConnect.Tests.csproj
@@ -25,6 +25,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\..\src\Microsoft.IdentityModel.Protocols.OpenIdConnect\Microsoft.IdentityModel.Protocols.OpenIdConnect.csproj" />
+    <ProjectReference Include="..\Microsoft.IdentityModel.Logging.Tests\Microsoft.IdentityModel.Logging.Tests.csproj" />
     <ProjectReference Include="..\Microsoft.IdentityModel.Protocols.Tests\Microsoft.IdentityModel.Protocols.Tests.csproj" />
     <ProjectReference Include="..\Microsoft.IdentityModel.TestUtils\Microsoft.IdentityModel.TestUtils.csproj" />
     <ProjectReference Include="..\Microsoft.IdentityModel.Tokens.Tests\Microsoft.IdentityModel.Tokens.Tests.csproj" />
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/Telemetry/MockTelemetryClient.cs b/test/Microsoft.IdentityModel.Tokens.Tests/Telemetry/MockTelemetryClient.cs
new file mode 100644
index 0000000000..ba76c4c0fe
--- /dev/null
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/Telemetry/MockTelemetryClient.cs
@@ -0,0 +1,48 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Collections.Generic;
+using Microsoft.IdentityModel.Logging;
+
+namespace Microsoft.IdentityModel.Telemetry.Tests
+{
+    public class MockTelemetryClient : ITelemetryClient
+    {
+        public Dictionary<string, object> ExportedItems = new Dictionary<string, object>();
+        public Dictionary<string, object> ExportedHistogramItems = new Dictionary<string, object>();
+
+        public void ClearExportedItems()
+        {
+            ExportedItems.Clear();
+        }
+
+        public void IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus)
+        {
+            ExportedItems.Add(TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer);
+            ExportedItems.Add(TelemetryConstants.MetadataAddressTag, metadataAddress);
+            ExportedItems.Add(TelemetryConstants.OperationStatusTag, operationStatus);
+        }
+
+        public void IncrementConfigurationRefreshRequestCounter(string metadataAddress, string operationStatus, Exception exception)
+        {
+            ExportedItems.Add(TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer);
+            ExportedItems.Add(TelemetryConstants.MetadataAddressTag, metadataAddress);
+            ExportedItems.Add(TelemetryConstants.OperationStatusTag, operationStatus);
+            ExportedItems.Add(TelemetryConstants.ExceptionTypeTag, exception.GetType().ToString());
+        }
+
+        public void LogConfigurationRetrievalDuration(string metadataAddress, TimeSpan operationDuration)
+        {
+            ExportedHistogramItems.Add(TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer);
+            ExportedHistogramItems.Add(TelemetryConstants.MetadataAddressTag, metadataAddress);
+        }
+
+        public void LogConfigurationRetrievalDuration(string metadataAddress, TimeSpan operationDuration, Exception exception)
+        {
+            ExportedHistogramItems.Add(TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer);
+            ExportedHistogramItems.Add(TelemetryConstants.MetadataAddressTag, metadataAddress);
+            ExportedHistogramItems.Add(TelemetryConstants.ExceptionTypeTag, exception.GetType().ToString());
+        }
+    }
+}
diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenHandlerTelemetryTests.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenHandlerTelemetryTests.cs
new file mode 100644
index 0000000000..ddef0bde36
--- /dev/null
+++ b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtSecurityTokenHandlerTelemetryTests.cs
@@ -0,0 +1,65 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Collections.Generic;
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.TestUtils;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.IdentityModel.Telemetry;
+using Microsoft.IdentityModel.Telemetry.Tests;
+using Microsoft.IdentityModel.Validators;
+using Xunit;
+
+namespace System.IdentityModel.Tokens.Jwt.Tests
+{
+    public class JwtSecurityTokenHandlerTelemetryTests
+    {
+        [Fact]
+        public void ValidateToken_ExpectedTagsExist()
+        {
+            var invalidIssuerConfig = new OpenIdConnectConfiguration()
+            {
+                TokenEndpoint = Default.Issuer + "oauth/token",
+                Issuer = Default.Issuer + "2"
+            };
+            invalidIssuerConfig.SigningKeys.Add(KeyingMaterial.DefaultX509Key_2048);
+
+            var validationParameters = new TokenValidationParameters
+            {
+                ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(invalidIssuerConfig),
+                ValidateIssuerSigningKey = true,
+                RequireSignedTokens = true,
+                ValidateIssuer = true,
+                ValidateAudience = false,
+                ValidateLifetime = false
+            };
+
+            var testTelemetryClient = new MockTelemetryClient();
+            try
+            {
+                AadIssuerValidator.GetAadIssuerValidator(Default.AadV1Authority).ConfigurationManagerV1 = validationParameters.ConfigurationManager;
+                var handler = new JwtSecurityTokenHandler()
+                {
+                    TelemetryClient = testTelemetryClient
+                };
+                handler.ValidateToken(Default.AsymmetricJws, validationParameters, out _);
+            }
+            catch (Exception)
+            {
+                // ignore exceptions
+            }
+
+            var expectedCounterTagList = new Dictionary<string, object>
+            {
+                // metadata address is null because the configuration manager is made using an invalid config to trigger an exception
+                { TelemetryConstants.IdentityModelVersionTag, IdentityModelTelemetryUtil.ClientVer },
+                { TelemetryConstants.MetadataAddressTag, null },
+                { TelemetryConstants.OperationStatusTag, TelemetryConstants.Protocols.Lkg },
+            };
+
+            Assert.Equal(expectedCounterTagList, testTelemetryClient.ExportedItems);
+        }
+    }
+}
diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/System.IdentityModel.Tokens.Jwt.Tests.csproj b/test/System.IdentityModel.Tokens.Jwt.Tests/System.IdentityModel.Tokens.Jwt.Tests.csproj
index e68913b3b0..55c2caee3c 100644
--- a/test/System.IdentityModel.Tokens.Jwt.Tests/System.IdentityModel.Tokens.Jwt.Tests.csproj
+++ b/test/System.IdentityModel.Tokens.Jwt.Tests/System.IdentityModel.Tokens.Jwt.Tests.csproj
@@ -13,8 +13,10 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Microsoft.IdentityModel.Logging.Tests\Microsoft.IdentityModel.Logging.Tests.csproj" />
     <ProjectReference Include="..\Microsoft.IdentityModel.TestUtils\Microsoft.IdentityModel.TestUtils.csproj" />
     <ProjectReference Include="..\Microsoft.IdentityModel.Tokens.Tests\Microsoft.IdentityModel.Tokens.Tests.csproj" />
+    <ProjectReference Include="..\..\src\Microsoft.IdentityModel.Logging\Microsoft.IdentityModel.Logging.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.IdentityModel.Tokens\Microsoft.IdentityModel.Tokens.csproj" />
     <ProjectReference Include="..\..\src\Microsoft.IdentityModel.Validators\Microsoft.IdentityModel.Validators.csproj" />
   </ItemGroup>