
In MS Azure I cannot update supported account type in the authentication panel

Taylor 0 Reputation points
2026-03-05T14:39:50.19+00:00

My development team cannot access the needed services on Azure. When I try to change supported account types to any Entra ID, I receive the failure notice below. Please help.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID

2 answers

  1. VEMULA SRISAI 11,715 Reputation points Microsoft External Staff Moderator
    2026-03-05T16:22:02.7966667+00:00

    Taylor, you’re hitting this error because the app registration has an invalid or unsupported value for api.requestedAccessTokenVersion, which blocks changing the Supported account types.

    Fix:

    1. Go to Microsoft Entra ID → App registrations → [App] → Manifest
    2. Set:

       "api": {
           "requestedAccessTokenVersion": 2
       }

    3. Save the manifest.
    4. Go back to Authentication → Supported account types and select Any Entra ID tenant (multi‑tenant).

    After setting the token version to 2, the change should save successfully. If you still face issues, please share the App ID and current manifest settings.


  2. Q&A Assist
    2026-03-05T14:40:16.1+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The failure occurs because the app’s current configuration doesn’t support changing the supported account types directly in the Authentication blade. Specifically, the underlying signInAudience and related properties (such as the App ID URI) must be valid for multi‑tenant or personal Microsoft accounts.

    Use the app registration manifest to adjust the supported account types instead of the Authentication (Preview) pane:

    1. In the Microsoft Entra admin center, go to Entra ID → App registrations and select the application.
    2. Select Manifest.
    3. Download the JSON manifest.
    4. Locate the signInAudience property and set it to the value that matches the required audience, for example:
      • AzureADMyOrg – single tenant
      • AzureADMultipleOrgs – any organizational directory (multitenant)
      • AzureADandPersonalMicrosoftAccount – any Entra ID tenant + personal Microsoft accounts
      • PersonalMicrosoftAccount – personal Microsoft accounts only
    5. Save the JSON file and upload it back in the Manifest editor.

    If changing to a multitenant or personal‑account audience still fails, check the Application ID URI (App ID URI):

    • For a multitenant app, the App ID URI must be globally unique and its host name must match one of the tenant’s verified domains (for example, https://contoso.com/myapp if contoso.com is a verified domain).
    • If the App ID URI does not follow this pattern, converting the app registration to multi‑tenant fails. In that case, update the App ID URI to use a verified domain and then try changing the supported account types again.

    If the app was originally created as single‑tenant and the signInAudience cannot be changed (or the portal blocks the change), re‑create the app registration with the correct account type selected from the start and migrate configuration (redirect URIs, permissions, secrets/certificates) to the new registration.
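
An added example, not part of either answer or of Microsoft's tooling: a pre-flight check over a downloaded manifest that applies the two conditions raised in the answers above (token version 2, and an https App ID URI whose host is a verified domain) before the audience is widened. The function name `preflight`, the sample manifest, and the caller-supplied verified-domain list are assumptions; `api://` URIs are not checked.

```python
import json
from urllib.parse import urlparse

# Audience values as listed in the second answer.
AUDIENCES = {
    "AzureADMyOrg",
    "AzureADMultipleOrgs",
    "AzureADandPersonalMicrosoftAccount",
    "PersonalMicrosoftAccount",
}

def preflight(manifest, target_audience, verified_domains):
    """Return findings to resolve before switching signInAudience
    to target_audience (hypothetical helper, not a Microsoft API)."""
    if target_audience not in AUDIENCES:
        return [f"unknown signInAudience value: {target_audience!r}"]
    findings = []
    if target_audience == "AzureADMyOrg":
        return findings  # single tenant: the checks below do not apply

    # Condition from the first answer: token version must be 2.
    version = (manifest.get("api") or {}).get("requestedAccessTokenVersion")
    if version != 2:
        findings.append(f"api.requestedAccessTokenVersion is {version!r}, expected 2")

    # Condition from the second answer: an https App ID URI must use a
    # verified domain as its host. Other schemes are left unchecked here.
    verified = {d.lower() for d in verified_domains}
    for uri in manifest.get("identifierUris") or []:
        parsed = urlparse(uri)
        if parsed.scheme == "https" and (parsed.hostname or "") not in verified:
            findings.append(f"App ID URI host not a verified domain: {uri}")
    return findings

# Constructed sample manifest (not taken from the thread).
SAMPLE = json.loads("""
{
  "signInAudience": "AzureADMyOrg",
  "identifierUris": ["https://myapp.example.net/api",
                     "api://00000000-0000-0000-0000-000000000000"],
  "api": {"requestedAccessTokenVersion": null}
}
""")

if __name__ == "__main__":
    for finding in preflight(SAMPLE, "AzureADMultipleOrgs", ["contoso.com"]):
        print("BLOCKER:", finding)
```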

