PIM for Entra auth fails (AADSTS700007: The grant was issued for a different client id)

Microsoft removed FOCI support from Microsoft Azure CLI (04b07795-8ddb-461a-bbee-02f9e1bf7b46). As a result, token refresh to Managed Meeting Rooms (eb20f3e3-3dce-4d2c-b721-ebb8d4414067) fails. This prevents Entra PIM role assignments from being enumerated:

```
[Debug] Starting authentication: Action=Auth Purpose=PimforEntra AuthMethod=AuthCode BroCi=False
[*] Authenticating for PimforEntra using AuthCode
[*] Sending request to token endpoint
[!] Request Error:
[!] Error: invalid_grant
[!] Error Description: AADSTS700007: The grant was issued for a different client id. Trace ID: 7f2cdecb-66c8-4d20-b181-43ffb98c5700 Correlation ID: 930e91a8-63ba-48f5-960f-7b52a88e9685 Timestamp: 2026-01-26 19:08:31Z
[!] Aborting....
[!] PIM Data will not be collected
```

**Workaround**: Use the BroCi auth flow: `.\run_EntraFalcon.ps1 -BroCi`



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PIM for Entra auth fails (AADSTS700007: The grant was issued for a different client id) #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

PIM for Entra auth fails (AADSTS700007: The grant was issued for a different client id) #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions