An Office 365 sales order or synchronization attempt fails with the following error:
"error":"invalid_request","error_description": "AADSTS50178: User account 'user@resellerDomainCSP.onmicrosoft.com' from identity provider 'https://sts.windows.net/a3831efe-...-8128a3717143/' does not exist in tenant 'End-customer organization' and cannot access the application 'cde22860-...-08622a196d0c' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.'
The same error can be faced on attempt to use the
The following error can be seen in
2018-09-03 00:03:40,604 [ 65] ERROR aps_endpoint: Azure AD Graph API server returned an web exception 'The remote server returned an error: (400) Bad Request.'. System.Net.WebException: The remote server returned an error: (400) Bad Request. at System.Net.HttpWebRequest.GetResponse() at Parallels.Office365.Gateway.Graph.AzureAdGraphHttpWebRequest.ExecuteAndHandleResponse[T](HttpWebRequest webRequest, String requestBodyForPrint) in c:\inetpub\wwwroot\O365App\App_Code\Graph\AzureAdGraphHttpWebRequest.cs:line 200
2018-09-03 00:03:40,619 [ 65] DEBUG aps_endpoint: Azure AD Graph API request POST url: 'https://login.windows.net/5ff865a3-ed94-4d0b-b93e-1da92ac1b79b/oauth2/token',
The customer has enabled Multi-Factor Authentication (MFA) for the tenant, so the token request made by the integration with the reseller account is rejected by Azure AD.
This is a known software issue, tracked as #APSA-20169 "MFA on Microsoft side breaks the O365 integration".
Please contact your Technical Account Manager or Pooled Technical Associate to clarify the current status of the request.
As a workaround, until the fix is available, the Baseline Security Policy has to be disabled manually on the Microsoft side (note that the tenant loses the protection that policy enforces for as long as it stays disabled):
- Sign in to the Azure portal of the customer's tenant with a global administrator, security administrator, or conditional access administrator account.
- Navigate to the Conditional access blade.
- Click on the baseline policy.
- Choose the option "Do not use policy".