Troubleshooting Microsoft Entra ID (Azure AD)
Learn how to troubleshoot issues related to the Microsoft Entra ID configuration with the firewall.
Can I use the same Azure application I created for Microsoft Entra ID Sync in Sophos Central?
Yes, you can use the same Azure application to protect multiple applications. However, we recommend creating a separate Azure application to use with the firewall for better isolation and more granular security control.
Why am I getting the 500 Internal Server Error message after integrating Microsoft Entra ID with the firewall?
You get this error message if you haven't assigned the following Delegated permissions to the application role:
Why am I getting the AADSTS50011 error message from Microsoft?
You get this error message if you haven't pasted the web admin console URL in Redirect URI in Azure. See step 7 in Add a Microsoft Entra ID (Azure AD) server.
Where can I see the Microsoft Entra ID logs?
You can see the Microsoft Entra ID logs in the following locations:
Advanced shell CLI
- Web admin console logs:
- Captive portal logs:
- Web admin console logs: Admin module
- Captive portal logs: Authentication module
Can I use Microsoft Entra ID SSO to sign in to the web admin console of the auxiliary device?
You can't currently sign in to the web admin console of the auxiliary HA device using Microsoft Entra ID SSO.