Basically, the assertion is following the documented format in Azure Single Sign On SAML Protocol - Microsoft identity platform | Microsoft Docs
Here’s an anonymized example.
<samlp:Response Destination="https://checkmk.mydomain.tld/mysite/mellon/postResponse"
ID="<ID>"
InResponseTo="<INRESPONSETO"
IssueInstant="2021-06-14T05:20:10.869Z" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/<ENTERPRISEAPPID></Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<Assertion ID="_b6b54523-a4c8-4cfe-9e5f-3435984b4100" IssueInstant="2021-06-14T05:20:10.864Z"
Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://sts.windows.net/<ENTERPRISEAPPID>/</Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="<REFERENCE>">
<Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue><DIGEST></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue><SIGNATURE></SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate><CERT></X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">HJqcldT/m+MNF2R5EhQHJm9z72+zoINvM/wZanXHt/E=</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_32A5C0AD5BA152A5508CA9866B541259"
NotOnOrAfter="2021-06-14T06:20:10.684Z"
Recipient="https://checkmk.mydomain.tld/mysite/mellon/postResponse"/></SubjectConfirmation>
</Subject>
<Conditions NotBefore="2021-06-14T05:15:10.684Z" NotOnOrAfter="2021-06-14T06:20:10.684Z">
<AudienceRestriction>
<Audience>https://checkmk.mydomain.tld/mysite/mellon/metadata</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
<AttributeValue><TENANTID></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
<AttributeValue><USER_GUID></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
<AttributeValue><USER_LASTNAME, USER_FIRSTNAME></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
<AttributeValue><IDP-URL></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue><USER_FIRSTNAME></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue><USER_LASTNAME></AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>USER_mail</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>USER_UserPrincipalname</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2021-06-14T05:20:10.347Z"
SessionIndex=<SESSIONID>>
<AuthnContext>
<AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>