Low severityauthentication
Power BI Error:
AADSTS90099
What does this error mean?
A partner delegated admin tried to use an app in a customer tenant where it has not been pre-consented or authorized.
Common causes
- 1The customer (external) tenant has not granted pre-consent to the calling application
- 2The app was not authorized through the Partner Center 'Granular Delegated Admin Privileges' (GDAP) flow
- 3A CSP partner is using delegated admin permissions for an app that was never registered as a multi-tenant app in the customer tenant
- 4Required API permissions on the application were changed but the customer tenant has not re-consented
- 5The signed-in partner user lacks an active GDAP relationship with the customer tenant for the requested roles
How to fix it
- 1Confirm whether the call is being made under a partner delegated admin (CSP/GDAP) context — AADSTS90099 only fires in that flow; if not, the app is being called against the wrong tenant
- 2In the customer tenant, have a Global Administrator pre-consent the application: Entra ID (Azure AD) → Enterprise applications → grant admin consent for the app's required permissions
- 3If you are a CSP partner, call the Partner Center API (or use the Partner Center portal) to authorize the application against the customer tenant under your GDAP relationship
- 4Verify the GDAP relationship between the partner tenant and the customer tenant is active and includes the roles needed by the app's permissions
- 5Re-acquire the token after consent has propagated (can take a few minutes) and retry the original request