TEAM: Huntress Managed Identity Threat Detection and Response (ITDR, formerly MDR for Microsoft 365)
ENVIRONMENT: Microsoft Azure Portal
SUMMARY: Error AADSTS65001 often indicates that the user or administrator has not consented to use the application. See below for additional details on correcting this error.
1. Sign in to your Azure Portal.
2. Locate your Huntress Admin Account.
- Navigate to the "Groups" section.
- Then hit the “+ Add memberships” at the top.
- Select "AdminAgents" from the options.
- Click on "Select. At the bottom
- If done correctly, you should see a banner at the top right that says "Successfully Added Group Membership."
- After you have finished this, please head back to your Huntress Dashboard and head to your integrations tab.
- Find the Microsoft 365 tab and click the pencil icon to edit your mappings.
- Choose any mapping you like and click the x to unmap it.
- Important to be on the safe side; leave it unmapped for 6 or 7 minutes, it will NOT work if it is unmapped for less than 5 minutes
- After you have allowed at least 5 minutes to pass please remap that tenant.
- If you take a look at any of your mapped tenants and click the "view all users" button you should see user data now being populated. If you see this, then you have successfully corrected the issue!
- If you see Users and/or data ingesting, please IGNORE the red banners. As of 7/28 we are working on a fix to clear those that should be rolled out in the near future.
- If you do not see any users wait about an hour and check back in. If after an hour there are still no users, please open a ticket with support.
- Check back in a few hours, and you should see data starting to be ingested. If you do not see any data being ingested after 24 hours, please open a ticket with support.
If you are still not getting users or data and the AADSTS65001 Error after completing the above steps and waiting 24 hours then please try the fix listed in this guide: Fixing AADSTS50076.