Team: Managed Identity Threat Detection and Response (ITDR)
Product: Huntress Managed Identity Threat Detection and Response (ITDR)
Environment: Microsoft 365 (Entra admin center)
Summary: This article helps you resolve the AADSTS650051 error when mapping a Microsoft 365 tenant to Huntress Managed ITDR or Managed Defender for Endpoint integrations.
In this Article
Error Meaning
When you see the following error during Huntress Managed ITDR or Managed Defender for Endpoint tenant mapping:
AADSTS650051: Consent action for Application '<Application_ID>' failed due to following error: The <Application_ID> service principal name is already present for the tenant <Tenant_ID>.
This error means Microsoft Entra ID believes a service principal (Enterprise Application) for the Huntress app already exists in the tenant often from a prior or partially completed consent attempt. In most cases you should work with that existing Enterprise Application (for example, verifying it in Entra and manually granting admin consent if available) and then rerun the Huntress mapping, rather than immediately deleting it and trying to create a new one.
Troubleshooting Steps
Retry the mapping flow from an Incognito or Private browser session to rule out cached tenant sessions:
- Go to office.com and sign out of all Microsoft 365 accounts.
- Close all browser windows.
- Open a new Incognito/Private window (no extensions, no other profiles).
- Sign in to the Huntress platform and retry the Microsoft 365 mapping flow.
If you still see the AADSTS650051 error, use the steps below in order. After each step, retry the Huntress Microsoft 365 mapping flow.
Manually complete consent on the existing Enterprise Application
If the app object already exists, finish admin consent on that same object.
- Start the Huntress Microsoft 365 integration flow until you see the AADSTS650051 error.
- In the Entra admin center, open Enterprise applications.
- Open Huntress Security Platform (Direct) (or the app that matches the Application ID shown in the error).
- Go to the Permissions or API permissions area, then select Grant admin consent for your organization (if available) and confirm.
- Wait 2 minutes.
- Return to Huntress and run the mapping flow again. Keep the Enterprise Application in place while retrying.
Use a different Global Administrator account
Rule out user-specific authentication state and conditional access quirks tied to the original admin.
- Create a temporary Global Administrator account in the affected tenant.
- Sign out of all Microsoft 365 accounts at office.com, then close all browser windows.
- Open a new Incognito/Private window.
- Start the Huntress Microsoft 365 mapping flow.
- When Microsoft prompts for authentication, sign in with the temporary Global Administrator account.
- After onboarding succeeds and the tenant shows Healthy in Huntress, remove the temporary admin account if it is no longer needed.
Delete the existing Enterprise Application
Caution: Deleting the Enterprise Application can break an existing Huntress Microsoft 365 integration for this tenant until it is remapped and consented again.
- In the Entra admin center, go to Enterprise applications.
- Find the Enterprise Application that matches the Application ID in the AADSTS650051 error.
- Delete the application.
- Wait 10 minutes for Microsoft to propagate the deletion.
- From a new Incognito/Private window, retry the Huntress Microsoft 365 integration or mapping using a Global Administrator account.
Check whether the tenant is already mapped in Huntress
If the error persists, the tenant may already be mapped to a different Huntress account, or there may be a backend issue that requires investigation.
Contact Huntress Support with the following details:
- The Tenant ID
- The full AADSTS650051 error text
- A screenshot of the Enterprise Application overview and permissions page for the Huntress app
Email this information to support@huntress.com.