Forum Discussion
AADReporting failed non-interactive logins
Hi everyone,
Recently we got some failed non-interactive logons for AADReporting for admin accounts.
Does anyone know what could cause these errors?
- pvanberlo Steel Contributor
wvkranenburg This most likely means the 'AADReporting' application is configured to use certificate based authentication, and there's something wrong with a certificate used somewhere along the line. Assuming you know who/what is trying to sign in to the AADReporting app, I'd start with checking if the proper cert is installed.
- wvkranenburg Copper Contributor
pvanberlo thank you for taking the time to answer! As far as I am aware this AADReporting app is a first party Microsoft app, and though I can see for which users it is triggering these failed logons, in the Enterprise app properties I cannot see any owners or users connected. Could it be some third party integration that uses this connection under the hood?
Is there any chance of this being triggered with malicious intent?
- pvanberlo Steel Contributor
wvkranenburg I've not seen 'AADReporting' show up anywhere yet, but of course I don't know everything 🙂
I'd be wary, if it's a third party app or an app registration added into your tenant, and an admin is trying to sign in and you're not aware of it, for all we know it could be something malicious. It could very well be an app which uses this under the hood to report on Azure AD, it could also be integration with a SIEM solution that uses it or something like that.
If I were you, I'd check the (Graph) API permissions the app supposedly has, and take action depending on those. Imagine the app was granted the Users.ReadWrite.All permission, I'd be very suspicious if the app is named "AADReporting".
- Seshadrr Iron Contributor
AADReporting is the type of application API for Microsoft Graph which detects the sign-in attempts for developers who are experiencing authentication issues.
The portal is having issues getting an authentication token. The experience rendered may be degraded. Additional information from the call to get a token: Extension: Microsoft_Azure_ActivityLog Resource: microsoft.graph Details: AADSTS50013: Assertion failed signature validation. [Reason - The key was not found., Thumbprint of key used by client]
- wvkranenburg Copper Contributor
Am I understanding you correctly that it is an internal MS portal that has issues getting a token, or should I look for a third party graph API app having troubles?
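
The check suggested earlier in the thread (who owns the app, and which Graph permissions it holds) can be scripted over exported directory data. The following is an added example, not code from any poster: the input shapes, app IDs and user names are constructed, the grant records are assumed to be already resolved to permission names, and the field names follow the Microsoft Graph `servicePrincipal` and `signIn` resources.

```python
from collections import Counter

# Tenant that owns Microsoft first-party service principals (appOwnerOrganizationId).
MICROSOFT_TENANT = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
# Illustrative subset of Graph permissions too broad for a reporting-only app.
BROAD = {"User.ReadWrite.All", "Directory.ReadWrite.All",
         "Application.ReadWrite.All", "RoleManagement.ReadWrite.Directory"}

def triage(name, service_principals, grants, sign_ins):
    """Return one finding per service principal whose display name matches `name`."""
    findings = []
    for sp in service_principals:
        if sp["displayName"].casefold() != name.casefold():
            continue
        granted = {g["permission"] for g in grants if g["appId"] == sp["appId"]}
        # Failed non-interactive sign-ins for this app, counted per (user, error code).
        failed = Counter((s["userPrincipalName"], s["status"]["errorCode"])
                         for s in sign_ins
                         if s["appId"] == sp["appId"] and not s["isInteractive"]
                         and s["status"]["errorCode"] != 0)
        first_party = sp.get("appOwnerOrganizationId") == MICROSOFT_TENANT
        broad = sorted(granted & BROAD)
        findings.append({"appId": sp["appId"], "first_party": first_party,
                         "broad_permissions": broad, "failed": dict(failed),
                         "needs_review": bool(broad) or not first_party})
    return findings

# Constructed sample data: two service principals share one display name,
# so the name alone does not show which one is Microsoft's.
APP_A = "00000000-0000-0000-0000-00000000000a"
APP_B = "00000000-0000-0000-0000-00000000000b"
SPS = [{"displayName": "AADReporting", "appId": APP_A,
        "appOwnerOrganizationId": MICROSOFT_TENANT},
       {"displayName": "AADReporting", "appId": APP_B,
        "appOwnerOrganizationId": "11111111-1111-1111-1111-111111111111"}]
GRANTS = [{"appId": APP_B, "permission": "User.ReadWrite.All"},
          {"appId": APP_B, "permission": "AuditLog.Read.All"}]
def _s(app, upn, code, interactive=False):
    return {"appId": app, "userPrincipalName": upn,
            "isInteractive": interactive, "status": {"errorCode": code}}
SIGN_INS = [_s(APP_A, "admin1@contoso.example", 50013),
            _s(APP_A, "admin1@contoso.example", 50013),
            _s(APP_A, "admin1@contoso.example", 0),          # success, ignored
            _s(APP_A, "admin2@contoso.example", 50013, True),  # interactive, ignored
            _s(APP_B, "admin2@contoso.example", 50013)]

if __name__ == "__main__":
    for finding in triage("AADReporting", SPS, GRANTS, SIGN_INS):
        print(finding)
```
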