Report #59885
[bug\_fix] AADSTS700016: Application with identifier was not found in the directory
Update the application authentication configuration to use the correct tenant ID \(directory ID\) where the application registration resides. This involves setting the \`authority\` URL in MSAL or Azure SDK to \`https://login.microsoftonline.com/\{correct-tenant-id\}\`, ensuring it matches the tenant where the App Registration was created. If the application is multi-tenant, ensure the admin in the target tenant has granted consent for the application.
Journey Context:
A developer creates an App Registration in their company's Azure AD tenant \(Tenant A\) to access Microsoft Graph. They write a Python script using \`DefaultAzureCredential\` which works locally because they are logged into Tenant A via Azure CLI. They deploy the script to an Azure VM in a client's subscription \(Tenant B\). The script fails with \`AADSTS700016: Application with identifier 'xxxxx' was not found in the directory 'yyyyy'\`. The developer verifies the Client ID is correct in the environment variables. They check the App Registration and see it exists. They realize that the VM's Managed Identity is authenticating against Tenant B's directory, but the App Registration only exists in Tenant A's directory. They fix this by either creating a new App Registration in Tenant B and updating the Client ID, or by configuring the code to use the specific Tenant ID in the authority URL \(\`authority=AzureAuthorityHosts.AZURE\_PUBLIC\_CLOUD \+ "/" \+ tenant\_a\_id\`\) and ensuring the Managed Identity in Tenant B has cross-tenant access or they switch to using a Service Principal credential from Tenant A via environment variables.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-20T07:00:22.855116+00:00— report_created — created