53003 Access has been blocked due to conditional access policies.
65001 Application X doesn't have permission to access application Y or the permission has been revoked. Or The user or administrator has not consented to use the application with ID X. Send an interactive authorization request for this user and resource. Or The user or administrator has not consented to use the application with ID X. Send an authorization request to your tenant admin to act on behalf of the App : Y for Resource : Z.
50155 Device authentication failed for this user.
50097 Device Authentication Required - DeviceId -DeviceAltSecId claims are null OR no device corresponding to the device identifier exists.
50129 Device is not Workplace joined - Workplace join is required to register the device.
50158 External security challenge was not satisfied.
50089 Flow token expired - Authentication Failed. Have user try signing-in again with username -password.
50173 Fresh auth token is needed. Have the user re-sign using fresh credentials.
50055 Invalid password, entered expired password.
50126 Invalid username or password or Invalid on-premise username or password.
500121 Authentication failed during strong authentication request.
50088 Limit on telecom MFA calls reached. Please try again in a few minutes.
16000 Either multiple user identities are available for the current request or selected account is not supported for the scenario.
530003 Your device is required to be managed to access this resource
160011 Selected user account was invalid.
90072 User account '{user}' from identity provider '{idp}' does not exist in tenant '{tenant}' and cannot access the application '{application}'({appName}) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account
530021 Application does not meet the conditional access approved app requirements.
501314 Silent interrupt required to recognize browser capabilities. Used to differentiate between Safari running in iPadOS or Mac.
50014 The user's redemption is in a pending state. The guest user account is not fully created yet.
500581 Rendering JavaScript. Fetching sessions for single-sign-on on V2 with prompt=none requires javascript to verify if any MSA accounts are signed in.
90095 Actual message content is runtime specific. Please see returned exception message for details.
530002 Your device is required to be compliant to access this resource.
16003 The user account does not exist in the directory or the user hasn't been explicitly added to the tenant. To sign into this application, the account must be added to the directory.
500881 Limit on telecom MFA calls reached. Please retry with PhoneAppNotification or try again in a few minutes.
9002325 Proof Key for Code Exchange is required for cross-origin authorization code redemption.
50199 For security reasons, user confirmation is required for this request. Please repeat the request allowing user interaction.
135011 Device used during the authentication is disabled.
7000112 Application '{appIdentifier}'({appName}) is disabled.
530001 Browser not supported.
140000 Request nonce is expired. Current time: {curTime}, expiry time of assertion {expTime}.
530033 Remote device flow blocked due to device based conditional access.
50201 This message prompt interrupt will be shown to the user during login when additional information should be provided to user.
50087 A transient error has occurred during strong authentication. Please try again.
530032 User blocked due to risk on home tenant.
50008 SAML assertion is missing or misconfigured in the token. Contact your federation provider.
50133 Session is invalid due to expiration or recent password change.
50058 The application tried to perform a silent sign in and the user could not be silently signed in. The application needs to start an interactive flow giving users an option to sign in. Contact app owner.
50011 The reply address is missing, misconfigured, or does not match reply addresses configured for the application. Try out the resolution listed at https://docs.microsoft.com/azure/active-directory/application-sign-in-problem-federated-sso-gallery#the-reply-address-does-not-match-the-reply-addresses-configured-for-the-application. If you still see issues, contact the application owner or app admin.
70044 The session has expired or is invalid due to sign-in frequency checks by conditional access.
50105 The signed in user is not assigned to a role for the signed in application. Assign the user to the application. For more information: https://docs.microsoft.com/en-us/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-role.
50140 This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.
90014 Used in various cases when an expected field is not present in the credential.
50057 User account is disabled. The account has been disabled by an administrator.
50076 User did not pass the MFA challenge (non interactive).
50074 User did not pass the MFA challenge.
50059 User does not exist in directory. Contact your tenant admin.
50020 User is unauthorized - unable to issue tokens because of version issue - issuer name is not specified - problems with issuer name (null -max length). Contact the app owner.
50079 User needs to enroll for second factor authentication.
50072 Users' needs to enroll for second factor authentication (interactive).
50053 Sign-in was blocked because it came from an IP address with malicious activity