diff --git a/Actions/Github-Helper.psm1 b/Actions/Github-Helper.psm1
index d56415cff..27766856c 100644
--- a/Actions/Github-Helper.psm1
+++ b/Actions/Github-Helper.psm1
@@ -1402,7 +1402,7 @@ function GenerateJwtForTokenRequest {
     }))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
 
     $payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
-        iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
+        iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-60).ToUnixTimeSeconds()
         exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
         iss = $gitHubAppClientId
     }))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index fab166038..79d28aaca 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -59,6 +59,7 @@ The `DownloadProjectDependencies` action now downloads only artifacts from depen
 - Issue 2214 - Workspace compilation not working with external dependencies
 - Issue 2235 - Workspace compilation: only the first `customCodeCops` entry resolved when multiple relative paths were configured. Relative `customCodeCops` paths are now resolved against the project folder before being passed to the compiler.
 - Issue 2265 - Creating a Performance Test App fails on Linux due to case-sensitive path lookup for the Performance Toolkit sample app
+- Issue 2284 - GitHub App authentication fails with `401 (Unauthorized)` on runners with minor clock drift. The JWT `iat` claim is now backdated by 60 seconds instead of 10, as recommended by GitHub, to tolerate runners whose clock runs slightly ahead of GitHub.
 
 ## v9.0