3,985 questions with Microsoft Security | Microsoft Entra | Microsoft Entra External ID tags

Sort by: Updated
Updated Created Answers
1 answer

More Granular Control on Entra External ID Tenant Admin Console

Currently, the "Application Admin" role access allows control over all registered apps in Entra External ID. We recently had an incident where some user flows / app registrations were deleted by mistake. Is there a way to implement more…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-10T13:36:23.7633333+00:00
Jinki Lee 95 Reputation points
commented 2026-06-10T13:42:21.1166667+00:00
Sridevi Machavarapu 32,725 Reputation points Microsoft External Staff Moderator
0 answers

Resource with ID does not Exist when creating Microsoft Entra External ID tenant

When creating a new Microsoft Entra External ID tenant I got this type of error: Resource with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/myproject-env-01/myprojectenv01.onmicrosoft.com' does not exist. If I retry I then get: The resource cannot be…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-10T06:03:54.95+00:00
Scott McCarthy 0 Reputation points
commented 2026-06-10T06:35:27.04+00:00
VEMULA SRISAI 13,230 Reputation points Microsoft External Staff Moderator
1 answer

MTO Cross-Tenant Sync – Specific User Showing as 'External' in Outlook Only (Teams & SharePoint Fine)

Hi Microsoft Community, I'm hoping to get some guidance and validation on an issue we've encountered with a Multi-Tenant Organization (MTO) setup, and whether our applied fix is the correct long-term approach. ENVIRONMENT Two Microsoft 365 tenants…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-10T03:34:10.9466667+00:00
Vinay Shivakoti 0 Reputation points
answered 2026-06-10T03:34:43.17+00:00

AI answer

1 answer

onPasswordSubmitListener breaks sign-in (AADSTS50000) on CIAM tenant even when user has no migration flag set

Hey, hoping someone has hit this. I'm trying to set up JIT password migration on a Microsoft Entra External ID (CIAM) tenant, basically copying users from an old Azure AD B2C tenant and migrating their passwords on first sign-in. I've followed the docs…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-05-21T21:05:38.6666667+00:00
Michael E 25 Reputation points
commented 2026-06-10T00:48:35.2766667+00:00
TU2 10 Reputation points
0 answers

Can't sign in my account - Azure Login Failure: Identity Verification Error (Phone Verification Failing with Code 399287)

Dear Microsoft Support Team, Mr.[@](/users/na/?userid=PII), ```I am blocked from accessing my Azure account due to a phone identity verification failure. When attempting to log in, I receive the error: _“Sorry, we’re having trouble verifying your…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-09T14:37:27.8233333+00:00
Nghĩa Nhân 0 Reputation points
commented 2026-06-09T17:37:10.3366667+00:00
Rukmini 42,195 Reputation points Microsoft External Staff Moderator
1 answer

Script Limitations to Migrating +400K Users from custom CIAM to Microsoft Entra External ID

We are attemping to migrate our customer data from our custom CIAM to Microsoft Entra External ID. Our backend migration script (400K users) is hitting throttling limits. For example, 3,500 customers migrated in 3.5 minutes before the process paused and…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-08T14:23:36.2466667+00:00
Jinki Lee 95 Reputation points
commented 2026-06-09T12:53:23.4533333+00:00
Sridevi Machavarapu 32,725 Reputation points Microsoft External Staff Moderator
0 answers

Help Needed: Facing 40015 error when trying to set up Linkedin OIDC with Entra External ID

Hello, I'm trying to configure LinkedIn as a custom OpenID Connect (OIDC) identity provider in Microsoft Entra External ID, but I consistently receive AADSTS40015 during sign-in. What I've already verified LinkedIn OIDC endpoints are configured correctly…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-09T08:33:32.8533333+00:00
Taha Murtaza Ali 0 Reputation points
commented 2026-06-09T11:06:31.6466667+00:00
Taha Murtaza Ali 0 Reputation points
1 answer

Microsoft Entra error 700003 on web-account RDP sign-in to Azure VM — how do I clear a deleted-device reference bound to a cloud-only user?

Follow-up: blocked validating cloud-only Entra Kerberos SMB in UK South — recurring Entra error 700003 (deleted device) on the test client This is a follow-up to my open question on whether cloud-only Microsoft Entra Kerberos with per-group share-level…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-06T22:35:24.7033333+00:00
hcetticz 20 Reputation points
commented 2026-06-09T08:59:56.7533333+00:00
Shubham Sharma 17,145 Reputation points Microsoft External Staff Moderator
0 answers

Help Needed: Custom OIDC Provider (LinkedIn) in Entra External ID - AADSTS40015 after successful Postman test

Hello everyone, I'm trying to configure LinkedIn as a custom OpenID Connect (OIDC) provider in my Azure Entra External ID (CIAM) tenant, but I'm stuck on the final step. I've gone through several stages of troubleshooting and can confirm that the…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2025-10-15T07:02:28.2566667+00:00
Daniel Bär 125 Reputation points
edited a comment 2026-06-09T07:17:25.03+00:00
Taha Murtaza Ali 0 Reputation points
1 answer One of the answers was accepted by the question author.

Entra External ID sign-up redirect url with custom domain redirecting back to ciamlogin.com domain

Hi, I have created a working custom login domain using Entra External Id + frontdoor and everything is working great except for when a user signs up with a new email address. They are correctly redirected back to the custom domain site to the…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-08T02:24:09.4266667+00:00
Paul Karl Gaynor 40 Reputation points
accepted 2026-06-09T05:19:10.8566667+00:00
Paul Karl Gaynor 40 Reputation points
1 answer One of the answers was accepted by the question author.

B2C Tenant Password reset email issue

When we use the Self-service password reset in our Azure B2C tenants, it triggers the password reset verification email. But the emails are not getting received. We tried with multiple email addresses from different domains and none of them work. This…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-05T01:02:42.0533333+00:00
Kumar Krishnamoorthy 21 Reputation points
accepted 2026-06-09T04:36:15.96+00:00
Kumar Krishnamoorthy 21 Reputation points
1 answer

AADSTS165000 "Token was not provided" when login_hint is sent to a CIAM user flow federating to a custom OpenID Connect IdP

Environment Microsoft Entra External ID (CIAM / external tenant). A server-side web app signs users in via OIDC (Authorization Code + PKCE) against the external tenant. One identity provider is a custom OpenID Connect IdP that federates to another…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-07T09:09:00.69+00:00
Alberto Molina Martínez 0 Reputation points
commented 2026-06-09T04:25:48.79+00:00
Shubham Sharma 17,145 Reputation points Microsoft External Staff Moderator
2 answers

MFA for Azure VMS

We have a requirement to enable MFA for azure VMs. We have enabled the managed identity and installed the AAD ext. and tried with 1 user and It allows the user to login with entra credentials. However after setting up conditional access policy its not…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-06T05:01:19.0933333+00:00
Nitish kumar 0 Reputation points
commented 2026-06-08T08:26:56.59+00:00
Nitish kumar 0 Reputation points
0 answers

block_iframe_reload excpetion when recieving authentication repsonse

Hello, We have a React application that is refreshing a session with Microsoft Entra External. We are calling acquire token silent endpoint. We have already done the suggestions in the article…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-05T07:42:10.97+00:00
Lisa 60 Reputation points
commented 2026-06-08T05:54:07.9566667+00:00
Shubham Sharma 17,145 Reputation points Microsoft External Staff Moderator
1 answer

returns AADSTS50219 error when legacy user log in with correct password and the custom azure function returning MigratePassword action

The custom Azure function only returns three actions: microsoft.graph.passwordSubmit.MigratePassword, microsoft.graph.passwordSubmit.Retry, and microsoft.graph.passwordSubmit.Block. Among these, the other response actions (Retry and Block) behave as…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-03T11:54:18.8833333+00:00
TU2 10 Reputation points
commented 2026-06-08T03:02:02.51+00:00
TU2 10 Reputation points
1 answer

Invitations are blocked for this directory due to suspicious activity for more than 12 users

Invitations are blocked for this directory due to suspicious activity for more than 12 users. We've had this issue for a week with no resolution, after trying to invite 220 users to a new tenant, it's blocked at 12 users. It says to contact Microsoft…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-05T23:51:16.52+00:00
JJ Brantingham 0 Reputation points
edited an answer 2026-06-06T08:32:09.3566667+00:00
Martin Egli 545 Reputation points
2 answers One of the answers was accepted by the question author.

Microsoft Entra External Microsoft SSO sign in page

Hello, We are using Microsoft Entra External as an identity provider. We use the Google and Apple identity providers in our user flow and these are working fine. However for the Microsoft sign in flow we have a couple of questions: Custom background …

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-05-08T13:06:22.6566667+00:00
Lisa 60 Reputation points
accepted 2026-06-05T07:10:03.5466667+00:00
Lisa 60 Reputation points
0 answers

B2B guest invitations blocked tenant-wide due to "suspicious activity"

All outbound B2B guest invitations from our tenant are being rejected with a tenant-wide block. We are a legitimate organization and need this fraud/abuse hold reviewed and lifted. WHAT WE ARE DOING We run an internal learning application (an Azure…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-03T04:02:36.2666667+00:00
William 0 Reputation points
edited the question 2026-06-05T01:21:36.27+00:00
William 0 Reputation points
0 answers

I can't access a directory created for Azure B2C tenants. I'm the administrator.

I can't access a directory created for Azure B2C tenants. It prompts me for MFA, but MFA isn't set up correctly. Even though I've disabled the MFA option for my user in my institution's directory, this change isn't reflected for my user in the B2C…

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-06-04T14:27:20.46+00:00
Cristian Maripangui González 20 Reputation points
commented 2026-06-04T14:45:57.4833333+00:00
Cristian Maripangui González 20 Reputation points
0 answers

User invitation failed due to Insufficient privileges to complete the operation

User invitation failed due to Insufficient privileges to complete the operation. However I am global administrator while API response is Invitations are blocked for this directory due to suspicious activity

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
asked 2026-05-21T10:00:00.16+00:00
Karim Atef 0 Reputation points
commented 2026-06-04T07:41:41.8466667+00:00
Carolyne-3676 1,136 Reputation points