Azure event codes
All codes for reference
Another good resource
Codes to look for:
1000000
Expected error when the user attempts to connect a LinkedIn account to their AAD account
502031
User has not registered the authenticator app and registration is required
500121
Multiple failed multi-factor authentication (MFA) requests for a single user within an Azure AD tenant. This behavior can be a sign that an adversary is attempting to bypass MFA by repeatedly prompting the user for authentication. If confirmed malicious, this activity could lead to unauthorized access.
500113
500011
Developer error - the app requested access to a resource (application) that isn't installed in your tenant. If you expect the app to be installed, you may need to provide administrator permissions to add it. Check with the developers of the resource and application to understand what the right setup for your tenant is
399218
For security reasons, user confirmation is required to sign in to this tenant.
90072
PassThroughUserMfaError - The external account that the user signs in with doesn't exist on the tenant that they signed into, so the user can't satisfy the MFA requirements for the tenant. This might also occur if the users are synced but there is a mismatch in the ImmutableID (sourceAnchor) attribute between Active Directory and Microsoft Entra ID.
70044
The session has expired or is invalid due to sign-in frequency checks by Conditional Access, on the application side.
65002
The API owner before requesting tokens for that API. A developer in your tenant might be attempting to reuse an App ID. This error prevents them from impersonating a Microsoft application to call other APIs. They must move to another app ID they register
65001
MFA requirement skipped due to IP address, or MFA completed in Azure AD -- The user or administrator has not consented to use the application with ID
53003
Access has been blocked by Conditional Access policies
50203
User has not registered the authenticator app and must register or snooze this notification.
50158
External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges.
50155
Device auth failed for a user; the device is disabled or pending in AAD. Disabled: disabling a device prevents it from authenticating via Azure AD. Pending: a pending device is one that has been synchronized successfully using Azure AD connect form
50140
Error occurred when clicking "keep me signed in" after login
50133
Auto sign out from password expiration or recent password change
50129
The device is not workplace joined. Workplace join is required to register the device
50126
Invalid username or password
50125
Sign in was interrupted because of password reset or password registration
50105
Signed-in user isn't assigned to a role for the app requested
50089
(Auto Log Out) Expected - auth codes, refresh tokens, and sessions expire over time or are revoked by the user or an admin. The app will request a new login from the user.
50088
Limit on telecom MFA calls reached. Please try again in a few minutes.
50079
User strong auth enrollment required. Due to a configuration change made by the admin, such as a Conditional Access policy or per-user enforcement, the user is required to use multi-factor authentication.
50076
(Failed MFA) A user must use MFA to access this resource
50074
User did not pass the MFA challenge
50072
The user was presented with options to provide contact options so that they can do MFA. You must enroll in multi-factor authentication to access
50057
The user account is disabled.
50053
IdsLocked - The account is locked because the user tried to sign in too many times with an incorrect user ID or password. The user is blocked due to repeated sign-in attempts, or sign-in was blocked because it came from an IP address with malicious activity.
16003
The user account does not exist in the directory or the user hasn't been explicitly added to the tenant. To sign into this application, the account must be added to the directory. This can be the case when someone is sent to a login URL for your tenant without being a member, or picks the wrong user account.
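
The repeated-MFA-failure pattern described under code 500121, as an added detection example (not part of the original page): it flags users with several 500121 results inside a sliding window and notes whether a successful sign-in follows the burst. The record layout, the threshold and window values, and treating result code 0 as a successful sign-in are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MFA_FAILED = "500121"   # failed-MFA code as listed on this page
SUCCESS = "0"           # assumption: result code 0 marks a successful sign-in

def find_mfa_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return the largest burst per user with >= threshold MFA failures in a
    sliding window; then_success is True if a sign-in succeeds within one
    further window after the burst's last failure."""
    events = sorted(events, key=lambda e: e["time"])
    recent = defaultdict(deque)   # per-user failures still inside the window
    bursts = {}
    for ev in events:
        if ev["code"] != MFA_FAILED:
            continue
        q = recent[ev["user"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:   # drop failures that aged out
            q.popleft()
        best = bursts.get(ev["user"])
        if len(q) >= threshold and (best is None or len(q) > best["count"]):
            bursts[ev["user"]] = {"count": len(q), "first": q[0]["time"],
                                  "last": ev["time"],
                                  "ips": sorted({e["ip"] for e in q}),
                                  "then_success": False}
    for ev in events:   # second pass: did the user eventually approve a prompt?
        b = bursts.get(ev["user"])
        if b and ev["code"] == SUCCESS and b["last"] < ev["time"] <= b["last"] + window:
            b["then_success"] = True
    return bursts

def _ev(user, minute, code, ip):
    return {"user": user, "time": datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute),
            "code": code, "ip": ip}

# Constructed sample records (not real log data); IPs are documentation ranges.
SAMPLE = (
    [_ev("alice@example.com", m, MFA_FAILED, "203.0.113.7") for m in range(6)]
    + [_ev("alice@example.com", 7, SUCCESS, "203.0.113.7")]
    + [_ev("bob@example.com", m, MFA_FAILED, "198.51.100.4") for m in (0, 45)]
    + [_ev("carol@example.com", m, MFA_FAILED, "192.0.2.9") for m in (0, 30, 60, 90, 120)]
)

if __name__ == "__main__":
    for user, b in find_mfa_bursts(SAMPLE).items():
        print(user, b["count"], b["ips"], "success after burst:", b["then_success"])
```

A burst followed by a success deserves the first look, since it can mean the user approved a prompt they did not initiate.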