Airwatch & Azure AD

Polo22 1 Reputation point
2021-04-21T14:44:01.037+00:00

Hi there,
I am trying to enroll a PC (W10) in Airwatch through Azure AD. The Airwatch app in enterprise applications on my Azure Active Directory is configured to reach my Airwatch.
So when I log in as my AAD user to join the Azure Active Directory domain on my Windows 10 PC, I get this error:

Error: CAA2000B
server message: AADSTS50001: the resource principal named <my airwatch url> was not found in the tenant named <my aad tenant>
This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.
You might have sent your authentification request to the wrong tenant.

I don't know where to look now to resolve this. I'm not an admin in AAD, but I've checked the consent parameters: users can consent to applications.

If someone has ever had this problem...

Thank you for your help.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-04-21T21:20:27.25+00:00

    Have you assigned the correct permissions to your client app for access? Make sure you have set the Application ID URI under the application’s “Expose an API” section.


  2. Polo22 1 Reputation point
    2021-04-22T09:48:30.317+00:00

    In App registration, I see 2 apps:

    • On-premises MDM application with (in the “Expose an API” section):

    Application ID URI: <my mdm url>/DeviceServices

    • Airwatch application

    Application ID URI: Airwatch -> should I change this to <my mdm url>/DeviceServices too?

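The check suggested in the first answer and the comparison made in the second can be scripted. The following is an added example, not part of the original thread: it looks up the resource name from the AADSTS50001 message among the tenant's service principals and, if nothing matches, lists app registrations whose Application ID URI looks related. It assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account may read app registrations; the URL in `$Resource` is a constructed placeholder.

```powershell
# Added example (not from the thread). Placeholder value: replace with the exact
# resource name quoted in the AADSTS50001 message.
$Resource = 'https://mdm.example.com/DeviceServices'

Connect-MgGraph -Scopes 'Application.Read.All'

# The error also mentions a wrong tenant, so show which tenant is being queried.
"Querying tenant: $((Get-MgContext).TenantId)"

# Azure AD resolves the requested resource against servicePrincipalNames,
# which include the Application ID URI(s) of the app registration.
$escaped = $Resource.Replace("'", "''")   # OData string literal escaping
$sp = Get-MgServicePrincipal -Filter "servicePrincipalNames/any(n:n eq '$escaped')"

if ($sp) {
    "Resource is registered in this tenant:"
    $sp | Select-Object DisplayName, AppId,
        @{ n = 'ServicePrincipalNames'; e = { $_.ServicePrincipalNames -join ', ' } } |
        Format-List
}
else {
    Write-Warning "No service principal in this tenant is named '$Resource'."

    # List near misses: app registrations whose Application ID URI mentions the
    # same host, or whose display name suggests the MDM integration.
    $hostPattern = [regex]::Escape(([uri]$Resource).Host)
    Get-MgApplication -All |
        Where-Object {
            ($_.IdentifierUris -match $hostPattern) -or
            ($_.DisplayName -match 'airwatch|mdm')
        } |
        Select-Object DisplayName, AppId,
            @{ n = 'IdentifierUris'; e = { $_.IdentifierUris -join ', ' } } |
        Format-Table -AutoSize
}
```

If the second branch lists an application whose Application ID URI differs from the resource name in the error, that mismatch is what the first answer asks to verify under "Expose an API".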