Error AtlasError Documentation and ResolutionMicrosoft 365 documented errors
Browse documented Microsoft 365 errors grouped by service, including Intune, Entra, Exchange, and broader admin or portal troubleshooting paths.
Tool
Entra
AADSTS90071Azure AD sign-in failed with AADSTS90071: inbound MFA not acceptedauthentication: The resource tenant's Microsoft Entra ID (Azure AD) is configured to require MFA, but it does not trust the MFA already completed by the user in their home (external) tenant. Because the resource tenant won't accept the inbound MFA claim, authentication cannot proceed. This error surfaces most commonly during B2B direct connect scenarios — for example, when an external user tries to access a Teams shared channel hosted by another organisation — but can also appear in B2B collaboration and Conditional Access flows where the resource tenant's trust settings for inbound MFA have not been enabled.
AADSTS700016Microsoft Entra application identifier was not foundauthentication: Microsoft Entra couldn't find the application identifier in the tenant, usually because the client ID is wrong, the app isn't installed in the tenant, or the request targeted the wrong tenant.
AADSTS70001Microsoft Entra application is disabledauthentication: Microsoft Entra rejected the request because the application is disabled and cannot complete authentication.
AADSTS70003Microsoft Entra application used an unsupported grant typeauthentication: Microsoft Entra rejected the token request because the app used a grant type that is not supported by the endpoint or app configuration.
AADSTS70007Microsoft Entra application used an unsupported response modeauthentication: Microsoft Entra rejected the request because the response_mode parameter is not supported for the requested authorization flow.
AADSTS70005Microsoft Entra application used an unsupported response typeauthentication: Microsoft Entra rejected the authorization request because the app asked for a response type that isn't enabled or supported for the app configuration.
AADSTS7000215Microsoft Entra client secret is invalidauthentication: Microsoft Entra rejected the confidential client authentication because the provided client secret is wrong, expired, or the secret value was confused with the secret ID.
AADSTS70019Microsoft Entra device code expired before authorization completedauthentication: Microsoft Entra rejected the device code flow because the verification code expired before the user finished authorization.
AADSTS70016Microsoft Entra device code flow is still waiting for user authorizationauthentication: Microsoft Entra returned AuthorizationPending because the device code flow has not yet been approved by the user in the browser.
AADSTS70018Microsoft Entra device code verification code is invalidauthentication: Microsoft Entra rejected the device code flow because the user entered the wrong verification code during device authorization.
AADSTS70002Microsoft Entra failed to validate client credentialsauthentication: Microsoft Entra could not validate the client credentials, usually because the secret, certificate, or client configuration is incorrect.
AADSTS700054Microsoft Entra ID token implicit grant is not enabledauthentication: Microsoft Entra rejected the request for an ID token because the application registration does not have the ID token implicit or hybrid flow enabled.
AADSTS70011Microsoft Entra invalid scope requestedauthentication: Microsoft Entra rejected the request because the application asked for an invalid, misspelled, or unsupported OAuth scope.
AADSTS50055Microsoft Entra password expiredauthentication: Microsoft Entra ended the sign-in because the user's password is expired and must be reset before the session can continue.
AADSTS50011Microsoft Entra redirect URI mismatchauthentication: Microsoft Entra rejected the sign-in request because the reply URL or redirect URI in the request is missing, misconfigured, or does not match the app registration.
AADSTS700082Microsoft Entra refresh token expired due to inactivityauthentication: Microsoft Entra refused the refresh token because it expired after a period of inactivity and the application must prompt for a new sign-in.
AADSTS70008Microsoft Entra refresh token expired or was revokedauthentication: Microsoft Entra rejected the token refresh because the refresh token is expired, revoked, or otherwise no longer valid for reuse.
AADSTS65001Microsoft Entra requires user or admin consentauthentication: Microsoft Entra rejected the request because consent is missing for the application or requested permissions in the current tenant.
AADSTS70004Microsoft Entra returned an invalid redirect URI errorauthentication: Microsoft Entra rejected the request because the redirect URI is invalid or does not match the registered authentication settings for the application.
AADSTS50053Microsoft Entra sign-in blocked due to account lock or malicious IPauthentication: Microsoft Entra blocked the sign-in because the account is locked after repeated bad attempts or because the sign-in was blocked due to risky or malicious IP activity.
AADSTS50079Microsoft Entra sign-in failed because MFA enrollment is requiredauthentication: Microsoft Entra ID is blocking sign-in because the user has not yet registered a multi-factor authentication method, but MFA is now required by policy. Unlike AADSTS50076 (which fires when MFA is required but not performed), this error fires specifically when the user has no MFA method registered at all. The user must complete the MFA registration process before they can access the resource.
AADSTS50076Microsoft Entra sign-in failed because MFA is requiredauthentication: Microsoft Entra ID interrupted the sign-in because the current authentication attempt does not satisfy a multi-factor authentication requirement. This is usually enforced by a Conditional Access policy, per-user MFA enforcement, or Security Defaults. The request must be retried interactively so the user can complete the MFA challenge.
AADSTS50034Microsoft Entra sign-in failed because the user account does not exist in the directoryauthentication: Microsoft Entra ID could not find the user account in the target tenant directory. The sign-in attempt referenced a username or UPN that has no matching object in the tenant, either because the account does not exist there, the wrong tenant is being targeted, or the account has been deleted or disabled.
AADSTS50057Microsoft Entra sign-in failed because the user account is disabledauthentication: Microsoft Entra ID rejected the sign-in because the user object in the resource tenant has been disabled. A disabled account cannot authenticate regardless of correct credentials or MFA. The account must be re-enabled by an administrator before the user can sign in.
AADSTS50105Microsoft Entra sign-in failed because the user is not assigned to the applicationauthentication: The enterprise application in Microsoft Entra ID has user assignment required enabled, meaning only explicitly assigned users or groups can sign in. The user attempting to sign in has not been assigned access, so Entra ID blocks the authentication even though their credentials are valid.
Tool
Intune
Can't connect to the serverCompany Portal can't connect to the servergeneral: The Intune Company Portal app could not contact the service, usually because of network connectivity, service availability, or account-specific sign-in issues.
APP_CI_ENFORCEMENT_ERROR_RETRIEVING_CONTENTIntune could not retrieve app contentinstallation: Intune could not download or retrieve the required app content during enforcement, preventing the app from being installed successfully on the device.
APP_CI_ENFORCEMENT_ERROR_INSTALLING_PACKAGEIntune failed while installing the packageinstallation: Intune downloaded the app content but failed during package installation on the device, often because the installer itself returned an error.