This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 28.999999999999996%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Hello,
I'm trying to login to https://www.office.com
I'm redirected to Microsoft sign-in page which is expected
I signed in with my UPN ******@mydomain.com
I see that the Entra ID on which I'm registered returned back an ID token and access code back to www.office.com
Token Details:
"aud": "4765445b-32c6-49b0-83e6-1d93765276ca",
"iss": "https://login.microsoftonline.com/my-tenant-id/v2.0"
This all looks fine. However when I look for enterprise applications listed under my Entra ID tenant I don't see an app with the ID 4765445b-32c6-49b0-83e6-1d93765276ca - Note this is the ID assigned for Microsoft 365 web application.
Why does Entra ID issued a token for application not registered in my tenant? I have verified this for power apps sign-in process too. Even though the app does not exist on my Entra ID, token generation is still successful and I'm confused why tokens are generated for a app that does not exist.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 96%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
Thanks for reaching out to Microsoft Q&A
That's actually the ClientID of a first party Microsoft application, Office Home:
I'm sorry if that caused you some confusion, but I just wanted to clarify to you that not all Microsoft first party applications will be listed in your tenant.
You can see the list with names and ClientIDs of all Microsoft apps in the document below:
Thanks,
Fabio
That really helps !
I was afraid that I misunderstood the basics of Entra ID OAuth and App Registration.
Behind the scenes how does the token generation actually work for first party microsoft app ?
Thanks,
Ajith
Hi Ajith
Token request process for Microsoft first party application works the same way as any other OAUTH / OIDC application.
You might already know how the flows work, but I'm sending the documentation only for reference.
https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
Thanks,
Fabio