question

MohanKrishnaPechetti-1528 avatar image
0 Votes"
MohanKrishnaPechetti-1528 asked RakeshJagatap-4451 commented

Admin consent fails on first try, succeeds if retried

when we install app in org-level first time got error. after retry it is succeed
what is problem with that?

Error: Operation: Create; Exception: [Status Code: Forbidden; Reason: The request is not authorized for this user or application.]

azure-active-directoryazure-ad-enterpriseapps
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered MarileeTurscak-MSFT edited

This error can also occur when a user is prevented from consenting to an application due to Microsoft detecting that the permissions request is risky. In this case, an audit event will also be logged with a Category of "ApplicationManagement", Activity Type of "Consent to application" and Status Reason of "Risky application detected". That might be a reason for it to succeed on the retry.

Other possibilities are that there was a permission change or a delay between data centers.

Do you get any audit events or additional errors?

I would recommend visiting the troubleshooting guide for more clues.

Without having insight into your tenant, we may need to open a support case for this. I am leaving details for how to claim this option in a private comment for you.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.