IT Error Decoder

How to Fix AADSTS500011: Resource principal named <name> was not found in the tenant

Error message

AADSTS500011: The resource principal named '<name>' was not found in the tenant named '<tenant>'.

If you're seeing "AADSTS500011: Resource principal named <name> was not found in the tenant", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

What this error means

The token request asked for an audience/resource (API) that has no service principal in this tenant, so Entra has nothing to issue a token for.

Why this happens

Common causes: the requested resource string is wrong (a typo or a stale GUID), the API's service principal was deleted from the tenant, or the API is multi-tenant but hasn't been provisioned via consent in this tenant yet.

Step-by-step fix

  1. Confirm the resource value being requested. For Microsoft Graph it should be `https://graph.microsoft.com` or its app ID `00000003-0000-0000-c000-000000000000`.

  2. Look for the resource service principal in this tenant.

    Get-MgServicePrincipal -Filter "appId eq '<resource-app-id>'"

  3. If it's missing, an admin can provision it by visiting an admin-consent URL for that resource, or by running:

    New-MgServicePrincipal -AppId '<resource-app-id>'
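
Steps 1 and 2 combined into one read-only check, as an added example that is not part of the original page. `Find-ResourcePrincipal` is a hypothetical helper name; the script assumes the Microsoft Graph PowerShell SDK is installed and a session is already connected with `Application.Read.All`.

```powershell
# Added example: Find-ResourcePrincipal is a hypothetical helper name, not a Graph cmdlet.
# Assumes the Microsoft Graph PowerShell SDK is installed and that you have run:
#   Connect-MgGraph -TenantId '<tenant>' -Scopes 'Application.Read.All'
function Find-ResourcePrincipal {
    param(
        # The '<name>' from the AADSTS500011 message, or the scope/resource you requested.
        [Parameter(Mandatory)][string]$Name
    )

    # v2 requests append /.default to the resource; drop it to get the resource itself.
    $resource = $Name -replace '/\.default$', ''

    $guid = [guid]::Empty
    if ([guid]::TryParse($resource, [ref]$guid)) {
        # Step 2 as written on the page: look up by application (client) ID.
        $filters = @("appId eq '$guid'")
    }
    else {
        # URI-style names are matched exactly against servicePrincipalNames.
        # Assumption: also try the value with the trailing slash toggled,
        # because the comparison is an exact string match.
        $alt = if ($resource.EndsWith('/')) { $resource.TrimEnd('/') } else { "$resource/" }
        $filters = @($resource, $alt) | ForEach-Object {
            $escaped = $_ -replace "'", "''"   # OData escapes ' by doubling it
            "servicePrincipalNames/any(n:n eq '$escaped')"
        }
    }

    foreach ($filter in $filters) {
        $sp = Get-MgServicePrincipal -Filter $filter
        if ($sp) {
            # Report which form of the name matched so the client request can be corrected.
            return $sp | Select-Object DisplayName, AppId, Id, AccountEnabled,
                AppOwnerOrganizationId, @{ n = 'MatchedFilter'; e = { $filter } }
        }
    }

    Write-Warning "No service principal matches '$resource' in tenant $((Get-MgContext).TenantId)."
    Write-Warning 'Confirm the app ID with the API owner before provisioning it (step 3).'
}

Find-ResourcePrincipal -Name 'https://graph.microsoft.com/.default'
```

If `MatchedFilter` shows a different form of the name than the one the client sent, fix the client's resource string rather than provisioning anything.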

Affected products

Entra ID

Still broken? Try these

  • If the resource is a third-party SaaS, ask their admin to share an admin-consent URL.
  • Confirm the token endpoint URL targets the correct tenant ID.
  • Verify scope/resource format — v1 endpoints use a resource URI, v2 endpoints use scopes ending in /.default.

