Summary
This article describes typical issues with managed tenants in Cayosoft Guardian and how to resolve them.
How to check health check results
Cayosoft Guardian regularly checks the health of its components and raises an alert if there is an issue detected. The health check alerts are global alerts that are visible to all users in a form of a banner with buttons.
To find the details of a specific health check:
- On the banner, press Health Check Results button.
- In the Check managed tenants action, go to Errors and warnings tab.
- Observe checked components and corresponding error messages.
How to resolve issues related to consent or credentials
Refresh token was revoked
Error message in change monitoring jobs:
An error occurred while authenticating to tenant <your tenant>.onmicrosoft.com. The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '<date and time>' and the TokensValidFrom date (before which tokens are not valid) for this user is '<date and time>'. Trace ID: <id> Correlation ID: <id> Timestamp: <date and time>.
<div class="undefined ">Failed to connect to Azure AD. Reason: An error occurred while authenticating to tenant <your tenant>.onmicrosoft.com. Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '<GUID>'. Trace ID: <ID> Correlation ID: <ID> Timestamp: <Date and time>
Repeat the Grant Access action using the connection credentials.</div>
Solution:
You need to re-grant consent for the credentials used for this tenant management. After completing this procedure, the account will receive a new token and jobs will continue to work:
- Navigate to Configuration > Management tenants, select the problem tenant and open its Properties.
- On Credentials tab, select credentials and double-click to open Properties.
- Click on Grant Access button.
- In Access to Azure AD form, click on Grant and provide valid credentials. Click Accept to complete the operation.
- Save.
General solution
The issues with consent or credentials might be associated with the connection account or Cayosoft Guardian application lacking permissions.
- In Azure Portal, check that the connection account has a Global Admin role.
- To re-grant consent, go to Configuration->Managed Tenants.
- Select the tenant and press Delete.
- Press Add and complete the wizard.
Comments
0 comments
Please sign in to leave a comment.