Proofpoint, Inc.

Azure AD Permissions Error

Situation: If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test.
Solution: Follow the steps below to ensure the necessary permissions are enabled.

 

Want some help setting up Azure and syncing with Essentials? Check out our article Azure Active Directory Sync Guide.

Potential Permission Error & Resolution 

If required permissions aren’t enabled, you may encounter an Azure sync error when running a manual sync test. Azure will throw an error like the following:

[Authorization_RequestDenied] Insufficient privileges to complete the operation

You need to:

MODIFYING PERMISSIONS WITHIN AZURE: 

To modify permissions and resolve the above error:

  1. Log into Azure Active Directory Admin center.
  2. Navigate to All settings > Required permissions > Windows Azure AD.
  3. Set appropriate permissions under APPLICATION PERMISSIONS and DELEGATED PERMISSIONS (ones shown in sync error).
  4. Under DELEGATED PERMISSIONS, set Sign in and read user profile to No.
  5. Under Enable Access, click Save then immediately click Grant Permissions.

 

All Domains Associated With Your Azure AD Directory Must Be Added In Order To Perform A Sync. 

ERROR MESSAGE: 

"The following domain(s) 'Domainproofpoint.com' has been found that is not currently associated with your customer account. All domains associated with your Azure AD directory must be added in order to perform a sync."

RESOLUTION: 

  • You must ensure all associated domains within your Office 365 are added to the Proofpoint console.
  • Alternatively, you can add the domains not associated with your customer account as Management rather than relay. Then re-run the sync.

Invalid Credentials 

ERROR MESSAGE: 

  • Failed to connect. Please check your Azure credentials.

RESOLUTION: 

You Have Used Up All Of Your Current User Licenses. In Order To Add Additional Licensed Users You Must Contact Your Reseller. 

ERROR MESSAGE: 

  • This organization has no additional user licenses available. The number of user licenses needs to be increased before additional user accounts can be added.
  • You have used up all of your current user licenses. In order to add additional licensed users you must contact your Reseller.

RESOLUTION: 

  • You must contact your reseller to have your license count increased or user capping disabled.

Token Invalid 

ERROR MESSAGE:  

  • The token does not appear to be correct. Please ensure this is valid.

RESOLUTION:

  • If you see this error, there may be a 5-10 minute propagation delay from Azure. Azure can sometimes be slow to propagate a new token between trusted applications.
  • After 10 minutes, please generate a new token and ensure it is correctly copied into the Proofpoint Azure configuration.

Note: Also ensure the following permissions are set correctly within Azure:

  • Application Permissions : Read Directory Data
  • Delegated Permissions : Read all users' basic profiles
  • Delegated Permissions : Read all groups
  • Delegated Permissions : Read directory data

Account Manifesto Is Up To Date 

ERROR MESSAGE:  

  • The account manifesto is up to date.
  • No users are being returned.

RESOLUTION: 

Check:

  • Does the user have Admin rights, to prevent permission issues?
  • Do the users that are not returned have an SMTP proxy address and a Mail address specified?
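
A pre-sync check for two conditions described above (every domain associated with the directory is added to the Proofpoint console; every user has a Mail address and an SMTP proxy address). This is an added example, not Proofpoint or Microsoft code. The export shape, function names and sample values are assumptions; mail, proxyAddresses and userPrincipalName are Azure AD user attributes.

```python
# Added example. Input shapes and names are assumptions, not a Proofpoint API.

def smtp_domains(user):
    """Domains of the user's mail attribute and of every smtp: proxy address."""
    addrs = [user["mail"]] if user.get("mail") else []
    for proxy in user.get("proxyAddresses") or []:
        scheme, _, addr = proxy.partition(":")
        if scheme.lower() == "smtp" and addr:      # skip SIP:, X500:, etc.
            addrs.append(addr)
    return {a.rpartition("@")[2].lower() for a in addrs if "@" in a}

def presync_report(users, directory_domains, console_domains):
    """Flag users the sync may skip and domains missing from the console."""
    registered = {d.lower() for d in console_domains}
    seen = {d.lower() for d in directory_domains}
    missing_attrs = []
    for user in users:
        has_mail = bool(user.get("mail"))
        has_proxy = any(p.lower().startswith("smtp:")
                        for p in user.get("proxyAddresses") or [])
        if not (has_mail and has_proxy):           # both are required
            missing_attrs.append(user["userPrincipalName"])
        seen |= smtp_domains(user)                 # domains only visible on users
    return {
        "missing_attrs": sorted(missing_attrs),
        "unregistered_domains": sorted(seen - registered),
    }

# Constructed sample data (not from a real tenant).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "mail": "alice@example.com",
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:alice@example.net"]},
    {"userPrincipalName": "bob@example.com", "mail": None, "proxyAddresses": []},
    {"userPrincipalName": "carol@example.com", "mail": "carol@example.com",
     "proxyAddresses": ["SIP:carol@example.com"]},
]
SAMPLE_DIRECTORY_DOMAINS = ["example.com", "example.org"]
SAMPLE_CONSOLE_DOMAINS = ["example.com"]

if __name__ == "__main__":
    report = presync_report(SAMPLE_USERS, SAMPLE_DIRECTORY_DOMAINS,
                            SAMPLE_CONSOLE_DOMAINS)
    for key, values in report.items():
        print(key, values)
```
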

The Certificate Has Expired On The Azure App Registrations Side 

ERROR MESSAGE:  

  • "We have come across a problem, and cannot continue. Please contact support quoting 1019d7 if this problem persists."
    • The number after "quoting" always changes.

RESOLUTION: 

Check:

  • This error is on the customer's side. They will have to renew their certificate on the Azure App registrations side.
  • If the admin creates a new secret key in the Azure App, the admin must update the key in the Proofpoint Dashboard under Import and Sync.