App Registration Troubleshooting

Resolve issues with Microsoft 365 app registration and connection problems.

Connection Test Failures

Authentication Failed

Error: "Authentication failed" or "Invalid client"

Causes:

  • Incorrect Client ID
  • Invalid or expired Client Secret
  • Wrong Tenant ID
  • App deleted in Azure

Solutions:

  1. Verify Client ID

    1. Open Azure Portal → App registrations
    2. Find your Securtea app
    3. Copy Application (client) ID
    4. Compare with Securtea settings
    
  2. Regenerate Client Secret

    1. Azure Portal → App registrations → Your app
    2. Certificates & secrets
    3. New client secret
    4. Copy value immediately
    5. Update in Securtea
    
  3. Verify Tenant ID

    1. Azure Portal → Azure Active Directory
    2. Overview → Tenant ID
    3. Compare with Securtea settings
    

Permission Denied

Error: "Insufficient privileges" or "Access denied"

Causes:

  • Missing API permissions
  • Admin consent not granted
  • Conditional Access blocking

Solutions:

  1. Add Missing Permissions

    1. Azure Portal → App registrations → Your app
    2. API permissions
    3. Add a permission → Microsoft Graph
    4. Add all required permissions
    
  2. Grant Admin Consent

    1. API permissions page
    2. Click "Grant admin consent for [tenant]"
    3. Confirm as Global Admin
    4. Wait for green checkmarks
    
  3. Check Conditional Access

    1. Azure Portal → Security → Conditional Access
    2. Review policies blocking service principals
    3. Exclude Securtea app if needed
    

Connection Timeout

Error: "Connection timed out" or "Service unavailable"

Causes:

  • Network issues
  • Microsoft service outage
  • Firewall blocking

Solutions:

  1. Check Microsoft Status

  2. Verify Network Access

    • Ensure graph.microsoft.com is accessible
    • Check firewall/proxy rules
    • Verify DNS resolution
  3. Retry Later

    • Temporary Microsoft issues are common
    • Wait 15-30 minutes and retry

Permission Issues

Required Permissions

Verify all required permissions are granted:

| Permission | Type | Purpose |
|---|---|---|
| User.Read.All | Application | Read user profiles |
| Directory.Read.All | Application | Read directory data |
| SecurityEvents.Read.All | Application | Security information |
| Policy.Read.All | Application | Read policies |
| AuditLog.Read.All | Application | Read audit logs |

Missing Permission Symptoms

| Symptom | Likely Missing Permission |
|---|---|
| Can't see users | User.Read.All |
| Can't see groups | Directory.Read.All |
| No security data | SecurityEvents.Read.All |
| No policy info | Policy.Read.All |
| No audit data | AuditLog.Read.All |

Adding Permissions

To add missing permissions:

  1. Go to Azure Portal → App registrations
  2. Select your Securtea application
  3. Click API permissions
  4. Click Add a permission
  5. Select Microsoft Graph
  6. Choose Application permissions
  7. Search for and select required permissions
  8. Click Add permissions
  9. Click Grant admin consent

Secret Expiration

Identifying Expired Secret

Symptoms:

  • Connection was working, now fails
  • "Invalid client secret" error
  • Authentication errors in logs

Check Expiration:

  1. Azure Portal → App registrations
  2. Select your app
  3. Certificates & secrets
  4. Check expiration dates

Rotating Secrets

Best practice for secret rotation:

  1. Create new secret (don't delete old yet)
  2. Update Securtea with new secret
  3. Test connection in Securtea
  4. Delete old secret after verification

Preventing Expiration Issues

  1. Set calendar reminders before expiration
  2. Choose appropriate duration (6-24 months recommended)
  3. Monitor in Azure for expiration alerts
  4. Document rotation dates

Sync Issues

Data Not Updating

Symptoms:

  • Dashboard shows stale data
  • New users not appearing
  • Changes not reflected

Solutions:

  1. Force Refresh

    1. Settings → Integrations → Microsoft 365
    2. Click "Refresh Data"
    3. Wait for completion
    
  2. Check Sync Status

    • Review last sync time
    • Look for error messages
    • Check sync logs
  3. Verify Connection

    • Test connection first
    • Fix any connection issues
    • Then retry sync

Partial Data

Symptoms:

  • Some data appears, some missing
  • Certain resources not syncing

Causes:

  • Permission only partially granted
  • Some resources protected
  • Propagation delay

Solutions:

  1. Wait for Propagation

    • New permissions can take 1-24 hours
    • Consent changes need time
  2. Check Resource-Specific Permissions

    • Some resources need additional permissions
    • Review permission requirements
  3. Verify Resource Exists

    • Check if resource exists in M365
    • May have been deleted

Azure AD Error Codes

Common AADSTS Errors

| Code | Meaning | Solution |
|---|---|---|
| AADSTS700016 | App not found in tenant | Verify Client ID and Tenant ID |
| AADSTS7000215 | Invalid client secret | Regenerate secret |
| AADSTS65001 | User/admin hasn't consented | Grant admin consent |
| AADSTS50076 | MFA required | Configure CA exclusion |
| AADSTS50079 | User action required | Complete registration |
| AADSTS70011 | Invalid scope | Check permission names |
| AADSTS90002 | Invalid tenant | Verify Tenant ID |

Graph API Errors

| Code | Meaning | Solution |
|---|---|---|
| 400 | Bad request | Check request format |
| 401 | Unauthorized | Check authentication |
| 403 | Forbidden | Grant permissions |
| 404 | Not found | Verify resource exists |
| 429 | Rate limited | Reduce request frequency |
| 503 | Service unavailable | Retry later |

Verification Steps

Complete Connection Test

  1. Test Authentication

    Settings → Integrations → Test Connection
    
  2. Test Data Access

    • Run a quick assessment
    • Verify data appears
  3. Review Azure Logs

    • Azure AD → Sign-in logs
    • Filter by application
    • Check for errors

Azure Portal Verification

Verify in Azure Portal:

  1. App exists in App registrations
  2. Permissions granted with green checkmarks
  3. Secret is valid (not expired)
  4. Redirect URIs are correct
  5. App enabled (not disabled)

Best Practices

Security

  • Use minimum required permissions
  • Rotate secrets regularly
  • Monitor sign-in logs
  • Document configuration

Monitoring

  • Set up expiration alerts
  • Review connection status weekly
  • Monitor sync success rates
  • Check for permission changes

Documentation

Keep records of:

  • App registration details
  • Permissions granted
  • Secret rotation dates
  • Admin consent dates
