Troubleshooting Microsoft Entra ID (Azure AD)

Learn how to troubleshoot issues related to the Microsoft Entra ID integration with the firewall.

Can I use the same Azure application I created for Microsoft Entra ID Sync in Sophos Central?

Yes, you can use the same Azure application to protect multiple applications. We recommend creating a separate Azure application to use with the firewall for better isolation and granular security control.

Why am I getting the 500 Internal Server Error message after integrating Microsoft Entra ID with the firewall?

You get this error message if you haven't assigned the following Delegated permissions to the application role:

  • User.Read
  • User.Read.All
  • Group.Read.All

See (Optional) Create an application role.

Why am I getting the AADSTS50011 error message from Microsoft?

You get this error message if you haven't pasted the web admin console URL in Redirect URI in Azure. See step 7 in Add a Microsoft Entra ID (Azure AD) server.
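
The following added example (not code from the vendor documentation) checks offline for the two misconfigurations described above: missing delegated permissions and an unregistered Redirect URI. It assumes you have exported the application object and its oauth2PermissionGrants from Microsoft Graph as JSON and that Microsoft Graph scope names are used; the function names, sample data and console URL are constructed, and the near-miss comparison (case or trailing slash) is a diagnostic heuristic.

```python
# Added example, not vendor code. All sample values below are constructed.
REQUIRED_SCOPES = {"User.Read", "User.Read.All", "Group.Read.All"}


def missing_scopes(grants):
    """Required delegated permissions absent from the consent grants.

    `grants` is the `value` list of a Microsoft Graph oauth2PermissionGrants
    response; each grant's `scope` is a space-separated permission string.
    """
    granted = set()
    for grant in grants:
        granted.update(grant.get("scope", "").split())
    return sorted(REQUIRED_SCOPES - granted)


def redirect_uri_status(application, console_url):
    """Return 'match', 'near-miss' (case or trailing slash differs) or 'absent'."""
    uris = application.get("web", {}).get("redirectUris", [])
    if console_url in uris:
        return "match"
    loose = lambda uri: uri.lower().rstrip("/")  # heuristic, for diagnosis only
    if loose(console_url) in {loose(uri) for uri in uris}:
        return "near-miss"
    return "absent"


def audit(application, grants, console_url):
    """List the misconfigurations behind the two errors described above."""
    findings = []
    missing = missing_scopes(grants)
    if missing:
        findings.append("500 Internal Server Error: missing " + ", ".join(missing))
    status = redirect_uri_status(application, console_url)
    if status != "match":
        findings.append("AADSTS50011: Redirect URI " + status + " for " + console_url)
    return findings


# Constructed sample export: one permission missing, URI differs by case and slash.
SAMPLE_APP = {"web": {"redirectUris": ["https://Firewall.example.com:4444/"]}}
SAMPLE_GRANTS = [{"consentType": "AllPrincipals", "scope": "User.Read Group.Read.All"}]
SAMPLE_CONSOLE_URL = "https://firewall.example.com:4444"

if __name__ == "__main__":
    for finding in audit(SAMPLE_APP, SAMPLE_GRANTS, SAMPLE_CONSOLE_URL):
        print(finding)
```

An empty result from audit means both checks passed for the exported data.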