How to find "forbidden" messages for applications in Entra ID?

I thought I would ask here: which different log methods does Entra ID offer for troubleshooting login issues? In my case, I have had an application running on the VMs in Entra and it has been working fine. They are using the client secrets from the application registration to access Entra.


Last Monday was the last day when that application was working, and since then the app logs on the VMs have been full of forbidden messages when it is trying to access to


The challenge I have is that I cannot find that forbidden message anywhere in the Entra logs. I can only see those "success" entries from before Monday, when the application was working. But I'm a bit lost as to where I should try to find that forbidden information. The client secrets are fine from the portal point of view.


This has something to do with the token; as part of the forbidden error it says:

MSAL: Token Acquisition 1004 failed.


But the question is, which log in Entra should I be using to find this issue?


No, nothing has changed :D

As usual :D

@Petri X 


Are you using AAD for integration? If yes, you may check the sign-on logs.


I wish it were that easy :) As I wrote, I can see the success lines, but then silence. I have tried searching with the application name, which worked for those successful lines.

Perhaps I need to search by the IP address instead.