Hero Banner

Microsoft Partner Network

Where Microsoft's CSP, MSP, SI, and ISV partners seek new opportunities and learn from each other

Level 1 Contributor

how to add resource group to azure subscription using multi-tenant app


I am seeking your help!

I created a customer tenant and added an azure subscription for that tenant, then I created a multi-tenant app and added its servicePrincipal to the Adminagents group,

when I used this servicePrincipal to create resource group under the customer's tenant using azure rest api I got this error:

'error': {

               'code': 'InvalidAuthenticationToken', 'message': 'The received access token is not valid: at least one                of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application                          please make sure service principal is properly created in the tenant.' }


Did you include Azure Management in the API permissions of this app? You might need to go through the authorization code flow again with your user after adding this.

Maybe it would be good to review your approach more thoroughly, if you are Silver or Gold Partner you can open a an Advisory request via https://aka.ms/technicalservices or directly via https://aka.ms/tpdmsform to get 1:1 guidance on this.





Kind regards, Janosch
Receive consultations via Technical Presales and Deployment Services team
Level 1 Contributor

Hi Janosch,

Yes, I have included Azure Service Management and still getting the same error.