Bug(?) with Microsoft 365 mailbox integration

Vilius Šumskas
Contributor
June 26, 2025

Does anybody know how exactly, technically, Jira Service Management integrates with Microsoft 365 mailboxes? Which OAuth grant type is used, and is it somehow tied to the machine the integration was set up on the first time?

We have had a custom email address configured for at least a couple of years now. It worked perfectly fine to this day, but today it started to produce "Connection access token retrieval" errors until it was rate limited by Jira itself. On the Microsoft side, the audit log for the mailbox said:

Failure reason: Device object was not found in the tenant '{tenantName}' directory.
Additional Details: Invalid grant due to the following reasons: - Requested SAML 2.0 assertion has invalid Subject Confirmation Method - Application On-Behalf-Of flow is not supported on V2 - Primary refresh token is not signed with session key - Invalid external refresh token - The access grant was obtained for a different tenant

The only thing that changed at exactly the same time the errors started to appear was that my own PC was reinstalled and rejoined to Microsoft Azure AD. This is the same PC I set up the Microsoft email integration in Jira Service Management from.

Is this a bug or a known limitation?

1 answer

0 votes
Marc - Devoteam
Rising Star
June 27, 2025
Vilius Šumskas
Contributor
June 27, 2025

Yes, I understand that the cause of the issue is that the device object on the MS side is deleted, but that's not the question I was asking.

The question is: why does the integration depend on some device object? Such an integration should not be tied to any one user device. It's an integration between MS and Jira itself, not between MS, Jira and my PC. My PC doesn't even have that mailbox configured.

It's clearly something buggy on the OAuth implementation side.

 

Marc - Devoteam
Rising Star
June 27, 2025

Hi @Vilius Šumskas 

Your PC has nothing to do with the integration.

Entra ID uses this in its terminology, this is not your device. The Device ID is an ID 

So don't read the word "device" as your PC.

"A device identity is an object in Microsoft Entra ID. This device object is similar to users, groups, or applications. A device identity gives administrators information they can use when making access or configuration decisions."

Vilius Šumskas
Contributor
June 27, 2025

The Device ID is exactly that: a pointer to the computer/mobile phone/tablet/whatever object in Entra (ex-Azure AD).

I confirmed a few moments ago that the M365 email integration in JSM is tied to the device you are configuring the integration with. Steps to reproduce:

1. Install a Windows VM and connect it to Entra ID.

2. Set up a JSM custom email mailbox.

3. Go to the MS Entra portal and delete the Windows VM object.

Result: JSM email integration stops working.

Deployment type: Cloud
Product plan: Standard
Permissions level: Product Admin