diff --git a/src/azure-cli-core/azure/cli/core/_msal.py b/src/azure-cli-core/azure/cli/core/_msal.py
deleted file mode 100644
index 6c9960a68db..00000000000
--- a/src/azure-cli-core/azure/cli/core/_msal.py
+++ /dev/null
@@ -1,34 +0,0 @@
-# --------------------------------------------------------------------------------------------
-# Copyright (c) Microsoft Corporation. All rights reserved.
-# Licensed under the MIT License. See License.txt in the project root for license information.
-# --------------------------------------------------------------------------------------------
-from knack.util import CLIError
-from msal import ClientApplication
-
-
-class AdalRefreshTokenBasedClientApplication(ClientApplication):
- """
- This is added only for vmssh feature.
- It is a temporary solution and will deprecate after MSAL adopted completely.
- """
- def _acquire_token_silent_by_finding_rt_belongs_to_me_or_my_family(
- self, authority, scopes, account, **kwargs):
- # pylint: disable=line-too-long
- return self._acquire_token_silent_by_finding_specific_refresh_token(
- authority, scopes, None, **kwargs)
-
- def _acquire_token_silent_by_finding_specific_refresh_token(
- self, authority, scopes, query,
- rt_remover=None, break_condition=lambda response: False, **kwargs):
- refresh_token = kwargs.get('refresh_token', None)
- client = self._build_client(self.client_credential, authority)
- if 'refresh_token' in kwargs:
- kwargs.pop('refresh_token')
- if 'force_refresh' in kwargs:
- kwargs.pop('force_refresh')
- if 'correlation_id' in kwargs:
- kwargs.pop('correlation_id')
- response = client.obtain_token_by_refresh_token(refresh_token, scope=scopes, **kwargs)
- if "error" in response:
- raise CLIError("Get token failed. {error}: {error_description}".format(**response))
- return response
diff --git a/src/azure-cli-core/azure/cli/core/_profile.py b/src/azure-cli-core/azure/cli/core/_profile.py
index 9a11f577ab8..7a060f7667a 100644
--- a/src/azure-cli-core/azure/cli/core/_profile.py +++ b/src/azure-cli-core/azure/cli/core/_profile.py @@ -622,12 +622,16 @@ def get_msal_token(self, scopes, data): This is added only for vmssh feature. It is a temporary solution and will deprecate after MSAL adopted completely. """ + from msal import ClientApplication + import posixpath account = self.get_subscription() username = account[_USER_ENTITY][_USER_NAME] tenant = account[_TENANT_ID] or 'common' _, refresh_token, _, _ = self.get_refresh_token() - certificate = self._creds_cache.retrieve_msal_token(tenant, scopes, data, refresh_token) - return username, certificate + authority = posixpath.join(self.cli_ctx.cloud.endpoints.active_directory, tenant) + app = ClientApplication(_CLIENT_ID, authority=authority) + result = app.acquire_token_by_refresh_token(refresh_token, scopes, data=data) + return username, result["access_token"] def get_refresh_token(self, resource=None, subscription=None): @@ -1071,19 +1075,6 @@ def retrieve_token_for_user(self, username, tenant, resource): self.persist_cached_creds() return (token_entry[_TOKEN_ENTRY_TOKEN_TYPE], token_entry[_ACCESS_TOKEN], token_entry) - def retrieve_msal_token(self, tenant, scopes, data, refresh_token): - """ - This is added only for vmssh feature. - It is a temporary solution and will deprecate after MSAL adopted completely. - """ - from azure.cli.core._msal import AdalRefreshTokenBasedClientApplication - tenant = tenant or 'organizations' - authority = self._ctx.cloud.endpoints.active_directory + '/' + tenant - app = AdalRefreshTokenBasedClientApplication(_CLIENT_ID, authority=authority) - result = app.acquire_token_silent(scopes, None, data=data, refresh_token=refresh_token) - - return result["access_token"] - def retrieve_token_for_service_principal(self, sp_id, resource, tenant, use_cert_sn_issuer=False): self.load_adal_token_cache() matched = [x for x in self._service_principal_creds if sp_id == x[_SERVICE_PRINCIPAL_ID]] 
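Review bot: The new `return username, result["access_token"]` in get_msal_token indexes the MSAL response without checking it, whereas the deleted `_msal.py` helper raised `CLIError` whenever `"error"` was in the response. A rejected or expired refresh token will therefore surface as a bare `KeyError` instead of the identity provider's error code and description, which makes failed vmssh sign-ins hard to diagnose. I would restore the check just before the return, e.g. `if "error" in result: raise CLIError("Get token failed. {}: {}".format(result["error"], result.get("error_description")))`, assuming `CLIError` is already imported in `_profile.py` (its import block is not visible here). The message should carry only those two response fields, never the refresh token or the `data` payload. The function's signature and the start of its body lie outside the hunk.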
diff --git a/src/azure-cli-core/azure/cli/core/tests/test_profile.py b/src/azure-cli-core/azure/cli/core/tests/test_profile.py index f879fafd3fa..71605d36321 100644 --- a/src/azure-cli-core/azure/cli/core/tests/test_profile.py +++ b/src/azure-cli-core/azure/cli/core/tests/test_profile.py @@ -1939,7 +1939,7 @@ def test_find_using_specific_tenant(self, _get_authorization_code_mock, mock_aut self.assertEqual(all_subscriptions[0].home_tenant_id, home_tenant) @mock.patch('azure.cli.core._profile.CredsCache.retrieve_token_for_user', autospec=True) - @mock.patch('azure.cli.core._msal.AdalRefreshTokenBasedClientApplication._acquire_token_silent_by_finding_specific_refresh_token', autospec=True) + @mock.patch('msal.ClientApplication.acquire_token_by_refresh_token', autospec=True) def test_get_msal_token(self, mock_acquire_token, mock_retrieve_token_for_user): """ This is added only for vmssh feature. diff --git a/src/azure-cli-core/setup.py b/src/azure-cli-core/setup.py index f7a74e6994b..96474f98672 100644 --- a/src/azure-cli-core/setup.py +++ b/src/azure-cli-core/setup.py @@ -51,8 +51,7 @@ 'humanfriendly>=4.7,<10.0', 'jmespath', 'knack==0.8.0rc2', - 'msal~=1.0.0', - 'msal-extensions~=0.1.3', + 'msal~=1.9', 'msrestazure>=0.6.3', 'paramiko>=2.0.8,<3.0.0', 'PyJWT==1.7.1', diff --git a/src/azure-cli-telemetry/setup.py b/src/azure-cli-telemetry/setup.py index 8466c5ab0a5..f8d67387957 100755 --- a/src/azure-cli-telemetry/setup.py +++ b/src/azure-cli-telemetry/setup.py @@ -40,7 +40,7 @@ classifiers=CLASSIFIERS, install_requires=[ 'applicationinsights>=0.11.1,<0.12', - 'portalocker~=1.2', + 'portalocker~=1.6', ], packages=[ 'azure.cli.telemetry', diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index adef12752cf..41c1a610d21 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt 
@@ -106,12 +106,13 @@ jsmin==2.2.2
 knack==0.8.0rc2
 MarkupSafe==1.1.1
 mock==4.0.2
+msal==1.9.0
 msrest==0.6.21
 msrestazure==0.6.3
 oauthlib==3.0.1
 paramiko==2.6.0
 pbr==5.3.1
-portalocker==1.4.0
+portalocker==1.7.1
 psutil==5.7.2
 pycparser==2.19
 PyJWT==1.7.1
diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt
index adef12752cf..41c1a610d21 100644
--- a/src/azure-cli/requirements.py3.Linux.txt
+++ b/src/azure-cli/requirements.py3.Linux.txt
@@ -106,12 +106,13 @@ jsmin==2.2.2
 knack==0.8.0rc2
 MarkupSafe==1.1.1
 mock==4.0.2
+msal==1.9.0
 msrest==0.6.21
 msrestazure==0.6.3
 oauthlib==3.0.1
 paramiko==2.6.0
 pbr==5.3.1
-portalocker==1.4.0
+portalocker==1.7.1
 psutil==5.7.2
 pycparser==2.19
 PyJWT==1.7.1
diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt
index 9ff73bae202..fe56eb996fa 100644
--- a/src/azure-cli/requirements.py3.windows.txt
+++ b/src/azure-cli/requirements.py3.windows.txt
@@ -105,12 +105,13 @@ jsmin==2.2.2
 knack==0.8.0rc2
 MarkupSafe==1.1.1
 mock==4.0.2
+msal==1.9.0
 msrest==0.6.21
 msrestazure==0.6.3
 oauthlib==3.0.1
 paramiko==2.6.0
 pbr==5.3.1
-portalocker==1.2.1
+portalocker==1.7.1
 psutil==5.7.2
 pycparser==2.19
 PyJWT==1.7.1