Microsoft Entra ID App not accessible to other organisations

Ricardas Kauneckas
2024-09-30T15:39:39.03+00:00

Hi all,

I have an external PHP-based application that allows users to send emails via the Microsoft Graph API instead of SMTP, which will be deprecated soon. For this, I registered an application under Entra App registrations with delegated permission scopes Mail.Send and offline_access. The app is configured to allow all types of Microsoft accounts, and during testing with personal and internal company Microsoft accounts, everything works perfectly. I'm using the authorization code flow for authentication:

  1. The user logs in.
  2. The user consents to the required permissions (prompt=consent).
  3. The user is redirected back to the application with an access and refresh token.

However, when a user with an external company (organizational) account tries to authorize the app, they encounter the following error after logging in:

AADSTS650053: The application 'My App Name' requested scope 'offline_access, Mail.Send' which doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

I’ve tried various configurations but haven’t been able to resolve the issue. My question is: does the external company tenant require any specific configuration, or am I missing something on my end? How can I get this working for organizational accounts if it's already functioning for personal Microsoft accounts?

Any help or suggestions would be greatly appreciated.

 

Best regards, Ricardas Kauneckas
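
The authorization request described in the question, as an added example that is not part of the original post: it builds the authorize URL for the two delegated scopes with a single-use `state` value and a PKCE challenge, which goes slightly beyond the three steps listed. The client ID, redirect URI, the `common` v2.0 endpoint and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed placeholders (not from the post): client ID and redirect URI.
const CLIENT_ID    = '00000000-0000-0000-0000-000000000000';
const REDIRECT_URI = 'https://app.example.com/oauth/callback';
const AUTHORIZE    = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// OAuth 2.0 sends scopes as one space-delimited string (RFC 6749, section 3.3).
// Local policy of this example: a token containing a comma or whitespace is
// treated as a mis-joined list and rejected before it reaches the endpoint.
function buildScope(array $scopes): string
{
    foreach ($scopes as $s) {
        if (!is_string($s) || $s === '' || preg_match('/[\s,]/', $s) === 1) {
            throw new InvalidArgumentException('Bad scope token: ' . var_export($s, true));
        }
    }
    return implode(' ', $scopes);
}

// Builds the authorize URL and stores the single-use state and PKCE verifier.
function authorizationUrl(array $scopes, array &$session): string
{
    $session['oauth_state']   = bin2hex(random_bytes(16));
    $session['pkce_verifier'] = b64url(random_bytes(32));
    return AUTHORIZE . '?' . http_build_query([
        'client_id'             => CLIENT_ID,
        'response_type'         => 'code',
        'redirect_uri'          => REDIRECT_URI,
        'scope'                 => buildScope($scopes),
        'state'                 => $session['oauth_state'],
        'prompt'                => 'consent',
        'code_challenge'        => b64url(hash('sha256', $session['pkce_verifier'], true)),
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);
}

// Constructed demo: $session stands in for $_SESSION.
$session = [];
echo authorizationUrl(['offline_access', 'Mail.Send'], $session), PHP_EOL;
```

On the callback, the stored `oauth_state` is compared with the returned `state` using `hash_equals()` before the authorization code is redeemed at the token endpoint together with `pkce_verifier`.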
