The error I have is not listed
Please open a Huntress support ticket. The team can assist you faster if you include the Sign-in Logs for the impacted tenant, filtered to the authenticated identity.
AADSTS50076
Moved to a dedicated page.
AADSTS530004
AcceptCompliantDevice setting isn't configured for this organization.
Why? Non-Windows devices, e.g., the Huntress Service, are blocked from completing MFA.
Fix! Add a Conditional Access Policy exclusion (non-compliant, non-managed) for the Huntress Service Account
AADSTS65001
Moved to a dedicated page.
AADSTS50173
AADSTS50173 FreshTokenNeeded - The provided grant has expired due to it being revoked, and a fresh auth token is needed. Either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require reauthentication. Have the user sign in again.
Why? The authorizing user's password has been reset
Fix!
- Delete and re-auth the integration
AADSTS50020
Moved to a dedicated page.
AADSTS50173
AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2023-04-21T16:33:44.5302208Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2023-05-06T19:51:27.0000000Z'.
Why? Authorizing user has reset their password, which has invalidated the Huntress Microsoft 365 integration
Fix! Use a dedicated service account without password rotation requirements or reset the Huntress Microsoft 365 integration at each password reset
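Added example (not Huntress or Microsoft code): a Python helper that extracts the two timestamps from the long-form AADSTS50173 message above and confirms that the grant predates the TokensValidFrom cutoff. The function name `parse_50173` and the returned field names are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the AADSTS50173 message text quoted on this page.
SAMPLE = (
    "AADSTS50173: The provided grant has expired due to it being revoked, "
    "a fresh auth token is needed. The user might have changed or reset their "
    "password. The grant was issued on '2023-04-21T16:33:44.5302208Z' and the "
    "TokensValidFrom date (before which tokens are not valid) for this user is "
    "'2023-05-06T19:51:27.0000000Z'."
)

# Quoted UTC timestamp with an optional fractional part of any length.
_TS = r"'(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z'"
_PATTERN = re.compile(
    r"AADSTS50173\b.*?grant was issued on " + _TS
    + r".*?TokensValidFrom date.*?is " + _TS,
    re.DOTALL,
)


def _to_utc(seconds, fraction):
    # The message carries 7 fractional digits; datetime holds 6, so truncate.
    micro = int((fraction or "0")[:6].ljust(6, "0"))
    parsed = datetime.strptime(seconds, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=micro, tzinfo=timezone.utc)


def parse_50173(message):
    """Return grant and cutoff timestamps from an AADSTS50173 message, or None."""
    m = _PATTERN.search(message)
    if m is None:
        return None  # another error code, or the short form without dates
    issued = _to_utc(m.group(1), m.group(2))
    valid_from = _to_utc(m.group(3), m.group(4))
    return {
        "grant_issued": issued,
        "tokens_valid_from": valid_from,
        # True when the grant is older than the cutoff, so it is no longer valid.
        "grant_invalidated": issued < valid_from,
        "gap": valid_from - issued,
    }


if __name__ == "__main__":
    print(parse_50173(SAMPLE))
```

The `tokens_valid_from` value can be lined up against the time of the password reset when reviewing the Sign-in Logs for the authorizing account.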
AADSTS500212
NotAllowedByOutboundPolicyTenant - The user's administrator has set an outbound access policy that doesn't allow access to the resource tenant.
Why? WIP
Fix! Unblock per https://learn.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration#before-you-begin
AADSTS50079
UserStrongAuthEnrollmentRequired - Due to a configuration change made by the admin such as a Conditional Access policy, per-user enforcement, or because the user moved to a new location, the user is required to use multi-factor authentication. Either a managed user needs to register security info to complete multi-factor authentication, or a federated user needs to get the multi-factor claim from the federated identity provider.
Why? User is not enrolled in MFA
Fix!
- Enroll Huntress Service Account in MFA
AADSTS530032
BlockedByConditionalAccessOnSecurityPolicy - The tenant admin has configured a security policy that blocks this request. Check the security policies that are defined on the tenant level to determine if your request meets the policy requirements.
Why? Identity protection is blocking the dedicated Huntress service account.
Fix!