Error connecting InsightConnect with Microsoft Teams

ichani · November 25, 2024, 4:49am

I have completed the configuration steps and connected to Microsoft Teams. However, when I attempt to connect to Teams, the error shown below appears
Time Now: 1732507284.3262608
Time Ago: 0
Refreshing auth token
Updating Auth Token…
Getting token from: https://login.microsoftonline.com/180ab710-0bdd-4b1b-ae46-97b2f7be6bd6/oauth2/token
An error occurred during plugin execution!

Authentication to Microsoft Graph failed. Some common causes for this error include an invalid username, password, or connection settings.Verify you are using the correct domain name for your user, and verify that user has access to the target tenant. Verify you can log into Office365 with the user account as well.
The result returned was:
{“error”:“interaction_required”,“error_description”:“AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ‘00000003-0000-0000-c000-000000000000’. Trace ID: c1c9f98e-d82f-42ca-a98a-39f391266800 Correlation ID: 000c96ea-b062-46b0-a178-6350fb5e61af Timestamp: 2024-11-25 04:01:24Z”,“error_codes”:[50076],“timestamp”:“2024-11-25 04:01:24Z”,“trace_id”:“c1c9f98e-d82f-42ca-a98a-39f391266800”,“correlation_id”:“000c96ea-b062-46b0-a178-6350fb5e61af”,“error_uri”:“https://login.microsoftonline.com/error?code=50076",“suberror”:"basic_action”} Response was: 400 Client Error: Bad Request for url: https://login.microsoftonline.com/180ab710-0bdd-4b1b-ae46-97b2f7be6bd6/oauth2/token
Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/microsoft_teams_rapid7_plugin-4.2.0-py3.8.egg/icon_microsoft_teams/connection/connection.py”, line 54, in get_token
result.raise_for_status()
File “/usr/local/lib/python3.8/site-packages/requests-2.26.0-py3.8.egg/requests/models.py”, line 953, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://login.microsoftonline.com/180ab710-0bdd-4b1b-ae46-97b2f7be6bd6/oauth2/token

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.6-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 376, in handle_step
output = self.start_step(
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.6-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 461, in start_step
connection = self.connection_cache.get(message_body[“connection”], logger)
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.6-py3.8.egg/insightconnect_plugin_runtime/connection.py”, line 49, in get
conn.connect(parameters)
File “/usr/local/lib/python3.8/site-packages/microsoft_teams_rapid7_plugin-4.2.0-py3.8.egg/icon_microsoft_teams/connection/connection.py”, line 32, in connect
self.check_and_refresh_api_token()
File “/usr/local/lib/python3.8/site-packages/microsoft_teams_rapid7_plugin-4.2.0-py3.8.egg/icon_microsoft_teams/connection/connection.py”, line 78, in check_and_refresh_api_token
self.get_token()
File “/usr/local/lib/python3.8/site-packages/microsoft_teams_rapid7_plugin-4.2.0-py3.8.egg/icon_microsoft_teams/connection/connection.py”, line 56, in get_token
raise PluginException(
insightconnect_plugin_runtime.exceptions.PluginException: An error occurred during plugin execution!

Authentication to Microsoft Graph failed. Some common causes for this error include an invalid username, password, or connection settings.Verify you are using the correct domain name for your user, and verify that user has access to the target tenant. Verify you can log into Office365 with the user account as well.
The result returned was:
{“error”:“interaction_required”,“error_description”:“AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ‘00000003-0000-0000-c000-000000000000’. Trace ID: c1c9f98e-d82f-42ca-a98a-39f391266800 Correlation ID: 000c96ea-b062-46b0-a178-6350fb5e61af Timestamp: 2024-11-25 04:01:24Z”,“error_codes”:[50076],“timestamp”:“2024-11-25 04:01:24Z”,“trace_id”:“c1c9f98e-d82f-42ca-a98a-39f391266800”,“correlation_id”:“000c96ea-b062-46b0-a178-6350fb5e61af”,“error_uri”:“https://login.microsoftonline.com/error?code=50076",“suberror”:"basic_action”} Response was: 400 Client Error: Bad Request for url: https://login.microsoftonline.com/180ab710-0bdd-4b1b-ae46-97b2f7be6bd6/oauth2/token
hhh

Please help me resolve this issue. Thank you very much

brandon_mcclure · November 25, 2024, 12:57pm

looks like you are being blocked by your MFA requirements.

ichani · November 26, 2024, 7:29am

Hi Brandon McClure,
Do you have instructions for disabling MFA? Could you please provide me with the guidance?
Thanks

ichani · November 26, 2024, 7:48am

I checked the status of MFA, and it is currently disabled. Please see the image below

gfrouin · November 26, 2024, 2:10pm

This image just tells you that you do not have MFA configured. I would suggest to check your conditional access policies to make sure you do not have a requirement for MFA.
I believe Microsoft started requiring admins to have MFA last year.

You will have to make an exception for this user. I would recommend adding an IP-based restriction in your MFA for this account in order to limit attack surface.

MS Learn: Require MFA for all users with Conditional Access - Microsoft Entra ID | Microsoft Learn

Eric-Wilson · November 27, 2024, 2:47pm

You might also try logging in as the user to make sure there is no MFA on the account and that there is no pending password change that needs to occur.