Share via

error code - caa2000b on multiple outlook accounts

achu 0 Reputation points
2025-05-11T19:45:09.4466667+00:00

User's image

Above error is showing up for multiple accounts.

Subscription is active. Tried to create new account and tested - showing the same error.

Community Center Not monitored

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Johnny 250 Reputation points
    2025-05-12T02:09:49.4566667+00:00

    Based on the error message in your screenshot, the issue appears to be related to a disabled service principal for a particular resource. Even though the subscription is active, if the service principal that governs authentication for this application is disabled, tokens won't be issued for it, leading to the error across multiple accounts.

    Troubleshooting Steps:

    1. Verify Subscription StatusDouble-check that the subscription is truly active and not in a grace period or pending renewal
    2. Check the Service Principal StatusIn Azure AD, go to Enterprise Applications, search for the affected application, and confirm if its service principal is disabled
    3. Enable the Service PrincipalIf it is disabled, re-enable it to restore authentication flow
    4. Confirm Tenant-Wide PoliciesLook into Conditional Access policies or security configurations that may be blocking access
    5. Refer to Microsoft DocumentationThe error message links to Microsoft WAM Errors, which might have additional relevant guidance
    6. Test AuthenticationAfter making adjustments, attempt logging in with the affected accounts to confirm resolution

    If the issue persists, reviewing audit logs in Azure AD can provide further insights into potential blocking factors.

    1 person found this answer helpful.
    0 comments
  2. Chris Mouncey 5 Reputation points
    2025-05-13T08:07:58.04+00:00

    The issue is connected to the Enterprise App: Microsoft Information Protection API

    To Fix the issue

    From Microsoft Entra:

    • Go to Enterprise applications in the Entra Portal
    • Remove filters to view all Enterprise Applications (disabled apps don’t show up by default)

    Search for App ID 40775b29-2688-46b6-a3b5-b256bd04df9f (Or Microsoft Information Protection)

    • Open the Microsoft Information Protection API
    • Under Properties, set Enabled for users to sign-in? to Yes
    1 person found this answer helpful.
  3. Anonymous
    2025-05-12T07:05:17.6833333+00:00

    Hi Achu,

    If you locate Microsoft 365 admin center>Users>Active users and check the licenses of a user, what licenses would the user have? - Microsoft 365 Business (Basic, Standard, Premium)

    • Microsoft 365 Enterprise (E1, E3, E5)
    • Exchange Online Plan 1 or Plan 2 (standalone)
    • Office 365 Education/Government plans (if applicable)

    These licenses include Exchange Online, which allows Outlook to connect to your work/school email, calendar, and contacts. Note: Microsoft 365 F1 does not include rights to an Exchange mailbox.

    If you have the correct license but still get errors (like CAA2000B), try:

    • Unassign licenses and re-assign licenses for users.
    • Re-adding the account in Outlook.
    • Updating Outlook to the latest version.
    • Checking MFA/conditional access policies: (Azure AD > Security > Conditional Access) to see if the policy is blocking access.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.