Fix AADSTS500014 - Exchange Service Principal Disabled

AADSTS500014 – Exchange Online Service Principal Disabled. Fix Disabled Service Principal for Outlook.office365.com

AADSTS500014: Exchange Online Service Principal Disabled - The service principal for a Microsoft 365 resource is disabled. This may indicate that a subscription has lapsed or the administrator has disabled the application.

This error occurs when Microsoft 365 is unable to issue a token for Outlook because the corresponding service principal is disabled in the tenant.


Cause:

  • The Outlook (Exchange Online) service principal is disabled
  • The tenant's Microsoft 365 subscription has lapsed
  • The application was manually disabled in Microsoft Entra ID (Azure AD)

Resolution

  1. Log into the affected customer's Microsoft 365 tenant as an administrator
  2. Go to Microsoft Entra ID> Enterprise Applications
  3. Search for Office 365 Exchange Online (this maps tohttps://outlook.office365.com)
  4. Click on the application, and open Properties
  5. Ensure enabled for users to sign in  is selected

If the tenant's subscription has expired, you may need to renew or re-assign licenses to restore access


If the service principal is missing entirely, Microsoft may need to restore it via a support request. You can also reference Microsoft Docs:

If you are unable to resolve the issue, contact support@sync365.app

    • Related Articles

    • AADSTS500571 – Guest User Account Disabled

      Error: AADSTS500571 – The guest user account is disabled This error typically happens when your named user account (used for delegated admin access) has been added to the customer tenant as a guest user — usually from SharePoint, OneDrive, or Teams ...

    • Master Index Page for Troubleshooting Microsoft 365 Errors

      Troubleshooting Microsoft 365 Errors If you've received an error in Sync 365 related to authentication, consent, token refresh, or license sync, use the links below to find the exact resolution. Authentication& MFA Errors AADSTS50078 – MFA expired ...

    • AADSTS135011 – Device Used During Authentication Is Disabled

      Error: AADSTS135011 – The device used during authentication is disabled This error occurs when the device associated with your delegated admin account in Entra ID (Azure AD) has been disabled or deleted. Cause: Microsoft links authentication tokens ...

    • The account does not have access to partner center

      Error: The account does not have access to partner center This can come up while trying to grant partner center consent. There are a couple reasons this can happen. When prompted to grant consent, ensure you tick the box to grant permissions for the ...

    • AADSTS53003 – Access Blocked by Conditional Access Policy

      Error: AADSTS53003 – Access has been blocked by Conditional Access policies. The policy does not allow token issuance. This error occurs when a Conditional Access policy in the customer tenant blocks access to the Sync 365 service principal or ...