Problem: This blog provides more information about the error “AADSTS900439 – USGClientNotSupportedOnPublicEndpoint”. This error typically occurs when a user uses a public cloud endpoint to sign in to an application registered in Azure Government sovereign cloud. It is known fact that the official Azure Active Directory (AAD) Authority for Azure Government changed from `https://login-us.microsoftonline.com` to `https://login.microsoftonline.us`. This change also applied to Microsoft 365 GCC High and DoD, which Azure Government…
Read MoreControl access to your apps in Azure AD
We get this kind of question all the time. It comes in many variations and forms like… “I only want to consent for some users to access the app.” “I only want my service account to access this app” Before we get started… First and foremost, only consenting for allowed users is not the solution. This is not the purpose for consent. Consent is to inform a user or admin…
Read MoreImplement Client Credentials flow for Graph Java Client
In my previous article , I showed you how to modify our great Graph Client for Java sample to add some additional options for things like filtering, setting the max retries for 429 errors, etc. That sample uses the Oauth2 Device Code flow. In this article, I will show you how to convert that and use the Client Credentials Flow. Although, you will not be able to retrieve the same…
Read Morereceiving error AADSTS50105: The signed in user ‘{EmailHidden}’ is not assigned to a role for the application
Problem: A tenant admin may receive the error “AADSTS50105: The signed in user ‘{EmailHidden}’ is not assigned to a role for the application…” when clicking on the “Grant Admin Consent” button in Azure AD’s App Registration portal as shown in the screen shot below: Why is this happening? This error typically happens when the Enterprise Application portion (or Service Principal) of the registered application has the setting ‘User Assignment Required’…
Read MoreAADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration.
Let’s get started… You are getting the following similar message… AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for ‘AAD Graph’ in the requested permissions in the client’s application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your…
Read MoreCommon Microsoft First Party Apps resource table
The information below is taken from the manifest file in the App Registration portal Azure Resource Resource URL Resource App ID Azure AD Graph https://graph.windows.net/ 00000002-0000-0000-c000-000000000000 Microsoft Graph https://graph.microsoft.com/ 00000003-0000-0000-c000-000000000000 Azure Key Vault https://vault.azure.net cfa8b339-82a2-471a-a3c9-0fc0be7a4093 Azure Service Management https://management.azure.com/ 797f4846-ba00-4fd7-ba43-dac1f8f63013 Power BI Service https://analysis.windows.net/powerbi/api/ 00000009-0000-0000-c000-000000000000 Azure Storage https://storage.azure.com/ e406a681-f3d4-42a8-90b6-c2b029497af1 Azure DevOps https://app.vssps.visualstudio.com/ 499b84ac-1321-427f-aa17-267ca6975798 Office 365 Management API https://manage.office.com/ c5393580-f805-4401-95e8-94b7a6ef2fc2 Intune https://api.manage.microsoft.com/ c161e42e-d4df-4a3d-9b42-e7a3c31f59d4 SharePoint https://microsoft.sharepoint-df.com/ 00000003-0000-0ff1-ce00-000000000000 Exchange https://outlook.office365.com/ 00000002-0000-0ff1-ce00-000000000000 Azure SQL…
Read MoreHow to Update an Application Logo in Azure using AAD Graph
Introduction For branding purposes, you can customize the logo for your app registration. Normally, this is done manually through the portal: However, if you have a scenario where you have many tenants to update, this can be a very tedious process and so automation can come in handy. The purpose of this blog post is to show you how this can be updated via code. Since the endpoint requires a…
Read MoreAADSTS50011: The reply url specified in the request does not match the reply urls configured for the application
Last Updated: August 23 2019 Let’s get started… When your developing or integrating an application with Azure AD, you might see the following similar error… AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘XXX’. This is because the redirect_uri (when using OpenID Connect) or AssertionConsumerServiceUrl (when using SAML2) being passed to Azure Active Directory to sign-in, does not exist in…
Read MoreHow to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results
Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article is assuming that you have already gotten an Access Token using ADAL .NET. In order to learn more on how to get the Adal .NET token, please reference : How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…
Read MoreHow to Use the ADAL .NET library to Call the Microsoft Graph API in a Console Application (Using Authorization Code Flow)
Introduction This post is to show how to use the ADAL .NET library to acquire a token interactively in a console application. It will go through setting up an Azure Active Directory Application, setting up the .net console application, acquiring an access token, and then make a HTTP request using the token acquired from the ADAL .net library to get 5 users using the Microsoft Graph API. Setting up your…
Read More