Microsoft Entra ID (Azure AD) Sign-in Errors
The AADSTS error codes that block sign-in and app auth across Microsoft Entra ID (Azure AD), Teams, and Azure apps — conditional-access blocks, missing admin consent, expired client secrets, redirect-URI mismatches. Each guide decodes the exact AADSTS number and the admin fix. Find your code below, or describe the failure to the assistant.
Fix your error now
Paste the error or logs and let the Incident Assistant diagnose it, or run a guided triage prompt with AI — no copy-paste.
Every guide in this cluster
10 guides-
'AADSTS50105' Conditional Access Blocked / User Not Assigned to Application
Fix AADSTS50105 and Conditional Access block errors in Teams and Graph API: diagnose app assignment, CA policy scope, compliant device, and MFA requirements.
-
'AADSTS65001: The user or administrator has not consented to use the application' — Cause, Fix, and Troubleshooting Guide
Fix Entra ID AADSTS65001: no consent to use the application. Grant admin consent for the app's permissions or complete the user consent flow.
-
'AADSTS7000215: Invalid client secret provided' — Fix Expired Entra Credentials
Fix AADSTS7000215 on Teams Graph integrations: an expired, wrong, or malformed Entra app client secret. Rotate with overlapping credentials, verify the token, and prevent recurrence.
-
'AADSTS90002: Tenant not found' — Cause, Fix, and Troubleshooting Guide
Fix Entra ID AADSTS90002: tenant not found. Verify the tenant id/domain in your authority URL and check the sovereign cloud endpoint.
-
'AADSTS50105' User Not Assigned to a Role for the Application
Fix the AADSTS50105 user-not-assigned-to-role Entra ID error: app role assignment, assignment-required enterprise apps, and group-based access.
-
'AADSTS700016' App Not Found & 'AADSTS50076' MFA Required
Fix Entra ID AADSTS700016 (application not found in directory) and AADSTS50076 (MFA required): diagnose wrong tenant, missing service principal, bad client ID, and conditional access.
-
'AADSTS7000215' Invalid Client Secret Provided
Fix the AADSTS7000215 invalid client secret error in Entra ID, covering expired secrets, secret ID vs value, wrong tenant, and encoding issues.
-
'AADSTS7000222: The provided client secret keys are expired' — Cause, Fix, and Troubleshooting Guide
Fix Entra ID AADSTS7000222: the client secret keys are expired. Rotate the app registration secret, update Key Vault, or switch to federation.
-
Least-Privilege Entra ID and Azure RBAC With AI as Your Reviewer
Owner on a subscription is a liability, not a convenience. Here's how AI helps you draft scoped Azure RBAC, decode role definitions, and find the over-privileged principals you forgot about.
-
'AADSTS65001: The user or administrator has not consented' — Grant Admin Consent
Fix AADSTS65001 in Microsoft Teams apps: grant admin consent for Graph scopes, pre-authorize the Teams client on your API, and repair SSO on-behalf-of tokens.
Azure with AI AI prompts
Copy-paste, production-safe prompts for this stack.
More Azure with AI guides
Every Azure with AI prompt and troubleshooting guide.