Our Azure reference focuses on ARM deployment failures, Entra ID authentication and authorization errors, and storage/runtime service exceptions. Each guide maps provider messages to actionable checks across tenant, subscription, resource group, and policy layers used in real operations.
These are the highest-signal Azure pages for common production failures and the best first routes for internal linking and early user navigation.
Priority guide
Authorization Failed
Fix AuthorizationFailed by validating Azure RBAC scope, role assignments, and deny assignments for the exact ARM action and resource path.
->Priority guide
Invalid Authentication Token Tenant
Fix InvalidAuthenticationTokenTenant by acquiring tokens from the correct tenant authority and validating subscription-to-tenant mapping before ARM ca...
->Priority guide
Resource Not Found
Fix Azure ResourceNotFound by validating full resource IDs, subscription and resource-group scope, provider namespace, deployment outputs, and state d...
->When you need broader context, move from provider-specific pages into the matching error category or incident playbook before changing production behavior.
Showing 16-30 of 63.
Azure AADSTS50126 indicates a primary authentication failure where Microsoft Entra ID cannot validate the provided username and password combination. This occurs before MFA challenges or account-state checks.
Azure AADSTS50158 is a federated security signal indicating that Microsoft Entra ID requires an additional authentication challenge from an external provider, such as Okta, Duo, Ping, or AD FS, before sign-in can complete.
Azure AADSTS53003 is a policy-based rejection. It indicates that while the user’s credentials were valid, the sign-in attempt was blocked by a specific Microsoft Entra Conditional Access policy due to untrusted location, non-compliant device, or high-risk signals.
Azure AADSTS65001 is a permission-grant failure indicating that the application is requesting API scopes, such as Microsoft Graph permissions, that have not yet been approved by the user or an administrator in the target tenant.
Azure AADSTS65004 is a consent-grant failure indicating that the user either explicitly declined the requested permissions or the consent flow was interrupted before the approval could be recorded in Microsoft Entra ID.
Microsoft Entra ID returns `AADSTS700016` when the client application identifier cannot be found in the target tenant directory.
Azure AADSTS7000215 indicates that the client secret value provided in a token request is invalid for the specified application. This is a specific credential mismatch often caused by using the Secret ID instead of the actual secret value or by rotation drift.
Azure AADSTS70011 is a request-shape failure indicating that the `scope` parameter in the authentication request is malformed, misspelled, or contains scopes from multiple unrelated resources in a single token request.
Microsoft Entra ID returns `AADSTS90002` when the tenant identifier in the auth request cannot be found or resolved.
Azure AADSTS90093 is an administrative-approval failure. It indicates that the application is requesting high-privilege API scopes, such as `Directory.Read.All`, or that tenant policy forbids standard users from granting consent to any applications.
Microsoft Entra or Microsoft Graph returns user-not-found responses when the referenced user object cannot be resolved in the active tenant.
Azure returns `AllocationFailed` when the target cluster or region cannot provide the requested VM size/capacity at deployment time.
Azure Resource Manager returns `AuthorizationFailed` when ARM knows who the caller is, but that caller cannot perform the exact `Microsoft.*` action at the evaluated scope.
Azure BadRequest means ARM or a resource provider accepted the request envelope but rejected the rendered payload, parameter values, API-version shape, or nested deployment input as invalid.
Azure BlobNotFound means the container resolved, but the exact blob name, version, or snapshot requested does not exist at that address.