Proofpoint, Inc.

Azure AD (Entra ID) Permissions Error

Situation: If required permissions aren’t enabled, you may encounter an Azure (now known as Entra ID) sync error when running a manual sync test.
Solution: Follow the steps below to ensure the necessary permissions are enabled.

 

Want some help setting up Azure and syncing with Essentials? Check out our article Azure Active Directory Sync Guide.

Potential Permission Error & Resolution 

If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test. Azure will throw an error like the following:

[Authorization_RequestDenied] Insufficient privileges to complete the operation

You need to:

MODIFYING PERMISSIONS WITHIN AZURE (Entra ID)

To modify permissions and resolve the above error:

  1. Log in to the Azure Active Directory (Entra ID) Admin center.
  2. Navigate to All settings > Required permissions > Windows Azure AD (Entra ID).
  3. Set appropriate permissions under APPLICATION PERMISSIONS and DELEGATED PERMISSIONS (ones shown in sync error).
  4. Under DELEGATED PERMISSIONS, set Sign in and read user profile to No.
  5. Under Enable Access, click Save then immediately click Grant Permissions.

 

All Domains Associated With Your Azure AD Directory (Entra ID) Must Be Added In Order To Perform A Sync. 

ERROR MESSAGE: 

"The following domain(s) 'Domainproofpoint.com' has been found that is not currently associated with your customer account. All domains associated with your Azure AD directory (Entra ID) must be added in order to perform a sync."

RESOLUTION: 

  • You must ensure all associated domains within your Office 365 are added to the Proofpoint console.
  • Alternatively, you can add the domains not associated with your customer account as Management rather than relay. Then re-run the sync.

Invalid Credentials

ERROR MESSAGE: 

  • Failed to connect. Please check your Azure (Entra ID) credentials.

RESOLUTION: 

You Have Used Up All Of Your Current User Licenses. In Order To Add Additional Licensed Users You Must Contact Your Reseller. 

ERROR MESSAGE: 

  • This organization has no additional user licenses available. The number of user licenses needs to be increased before additional user accounts can be added.
  • You have used up all of your current user licenses. In order to add additional licensed users you must contact your Reseller.

RESOLUTION: 

  • You must contact your reseller to have your license count increased or user capping disabled.

Token Invalid

ERROR MESSAGE:  

  • The token does not appear to be correct. Please ensure this is valid.

RESOLUTION:

  • If you see this error, there may be a 5-10 minute propagation delay from Azure (Entra ID). Azure (Entra ID) can sometimes see a delay in a new token between trusted applications.
  • After 10 minutes, please generate a new token and ensure it is correctly copied into the Proofpoint Azure configuration.

Note: Also ensure the following permissions are set correctly within Azure (Entra ID):

  • Application Permissions: Read Directory Data
  • Delegated Permissions: Read all users' basic profiles
  • Delegated Permissions: Read all groups
  • Delegated Permissions: Read directory data

Account Manifesto Is Up To Date

ERROR MESSAGE:  

  • The account manifesto is up to date.
  • No users are being returned.

RESOLUTION: 

Check:

  • Does the user have Admin rights to prevent permission issues?
  • Do the users that are not returned have an SMTP proxy address & Mail address specified?

The Certificate Has Expired On The Azure (Entra ID) App Registrations Side

ERROR MESSAGE:  

  • "We have come across a problem, and cannot continue. Please contact support quoting 1019d7 if this problem persists."
    • The number after "quoting" always changes.

RESOLUTION: 

Check:

  • This error is on the customer's side. They will have to renew their certificate on the Azure (Entra ID) App registrations side.
  • If the admin creates a new secret key in the Azure (Entra ID) App, the admin must update the key in the Proofpoint Dashboard under Import and Sync.
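
To catch the expired-credential case above before a sync fails, the following added example (not Proofpoint's or Microsoft's code) reports expired and soon-to-expire secrets and certificates on an app registration. It assumes the record was exported from Microsoft Graph, whose application object carries passwordCredentials and keyCredentials entries with an endDateTime; the sample record, its ids and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph "application" object;
# the display name, key ids and dates are made up for this example.
SAMPLE_APP = json.loads("""
{
  "displayName": "example-directory-sync",
  "passwordCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001", "endDateTime": "2024-01-15T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "endDateTime": "2026-01-15T00:00:00Z"}
  ],
  "keyCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000003", "endDateTime": "2024-07-01T12:30:00.1234567Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph ISO 8601 UTC timestamp, tolerating 7-digit fractions."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6]}"  # datetime keeps at most microseconds
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)

def credential_status(app, now, warn_days=30):
    """Return (kind, keyId, status) for every secret and certificate."""
    report = []
    for kind, field in (("secret", "passwordCredentials"),
                        ("certificate", "keyCredentials")):
        for cred in app.get(field) or []:
            end = parse_graph_time(cred["endDateTime"])
            if end <= now:
                status = "expired"    # sync will fail until it is renewed
            elif end - now <= timedelta(days=warn_days):
                status = "expiring"   # renew and update the key in the console
            else:
                status = "ok"
            report.append((kind, cred["keyId"], status))
    return report

if __name__ == "__main__":
    check_time = datetime(2024, 6, 20, tzinfo=timezone.utc)  # fixed for a repeatable run
    for row in credential_status(SAMPLE_APP, check_time):
        print(*row)
```
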