"AADSTS700003: Device object was not found in the tenant" issue started since the beginning of September about azure-activedirectory-library-for-java HOT 3 CLOSED

Hi @slavag, there have been no changes in the library, so I suspect this might be related to changes happening on the service. Could you please share the configuration values for applications where you are seeing issues so we can investigate further? Value for authority, tenant id, client id, and resource would be a good start. Feel free to email them via email to sagonzal @ microsoft if you would like to avoid posting that information here.

from azure-activedirectory-library-for-java.

@sangonzal Thanks, will send you in private.

from azure-activedirectory-library-for-java.

Discussed via email. Posting answer here in case anyone runs into this issue in the future:

The AAD service has shipped a security fix to validate that a device that matches the deviceId claim from a token is actually read from directory and is enabled irrespective of device based conditional access policies.

The reason that the tokens are rejected is because the presence of the deviceId claim indicates a binding to that device and when this device is not found in the directory it indicates a revocation action where the device was deleted or disabled and tokens for that device will no longer be valid.

You can either:

• Work with the tenant administrator to get the device record restored https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#device-management-tasks",
• Acquire a new set of tokens, including a new refresh token.

from azure-activedirectory-library-for-java.