Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-server-Azure-troubleshooting

Troubleshooting Microsoft Entra ID (Azure AD)

Learn how to troubleshoot issues related to the Microsoft Entra ID integration with the firewall.

Can I use the same Azure application I created for Microsoft Entra ID Sync in Sophos Central?

Yes, you can use the same Azure application to protect multiple applications. We recommend creating a separate Azure application to use with the firewall for better isolation and granular security control.​

Why am I getting the 500 Internal Server Error message after integrating Microsoft Entra ID with the firewall?

You get this error message if you haven't assigned the following Delegated permissions to the application role:

  • User.Read
  • User.ReadAll
  • Group.ReadAll

See (Optional) Create an application role.

Why am I getting the AADSTS50011 error message from Microsoft?

You get this error message if you haven't pasted the web admin console URL in Redirect URI on Azure. See step 7 in Add a Microsoft Entra ID (Azure AD) server.