Version: 1.3.0

AAD Error Code

Enrich ASIM Compatible

Synopsis

Converts Azure Active Directory (AAD) error codes to human-readable error descriptions using ASIM lookup logic.

Schema

- aad_errcode:
    description: <text>
    field: <ident>
    target_field: <ident>
    if: <script>
    ignore_failure: <boolean>
    ignore_missing: <boolean>
    on_failure: <processor[]>
    on_success: <processor[]>
    tag: <string>

Configuration

The following fields are used to define the processor:

Field	Required	Default	Description
`field`	Y		Field containing the AAD error code
`target_field`	N	Same as `field`	Field to store the error description
`description`	N	-	Explanatory notes
`if`	N	-	Condition to run
`ignore_failure`	N	`false`	See Handling Failures
`ignore_missing`	N	`false`	Continue processing if the field is missing
`on_failure`	N	-	See Handling Failures
`on_success`	N	-	See Handling Success
`tag`	N	-	Identifier

Details

The processor accepts error codes in various formats (string, integer, float) and converts them to standardized error descriptions. It uses ASIM-compatible error categorization:

Authentication failed - Invalid credentials or authentication errors
No such user or password - User not found or invalid password
User locked - Account locked due to security policies
Password expired - Password needs to be reset
User disabled - Account has been disabled
Logon violates policy - Access blocked by security policies
Device not compliant - Device doesn't meet compliance requirements

If an error code is not recognized, it returns "Unassigned".

info

This processor is designed specifically for Azure Active Directory error codes. It may not be suitable for other authentication systems or identity providers.

warning

The error code mappings are based on commonly documented AAD error codes. Microsoft may introduce new error codes or change existing ones, which would require updating the processor's lookup table.

Examples

Basic Usage

Convert a numeric AAD error code...	`{ "error_code": 50126 }` `- aad_errcode: field: error_code`
to a human-readable description:	`{ "error_code": "No such user or password" }`

Using Target Field

Store the description in a separate field...	`{ "aad_error": "50053" }` `- aad_errcode: field: aad_error target_field: error_description`
while preserving the original code:	`{ "aad_error": "50053", "error_description": "User locked" }`

Authentication Errors

Common authentication failure codes...	`{ "login_error": 50012 }` `- aad_errcode: field: login_error target_field: auth_result`
are mapped to standard descriptions:	`{ "login_error": 50012, "auth_result": "Authentication failed" }`

Password-related error codes...	`{ "error_id": "50144" }` `- aad_errcode: field: error_id`
are categorized appropriately:	`{ "error_id": "Password expired" }`

Conditional Access Errors

Conditional access violations...	`{ "access_error": 53000 }` `- aad_errcode: field: access_error target_field: compliance_status`
indicate device compliance issues:	`{ "access_error": 53000, "compliance_status": "Device not compliant" }`

B2C Error Codes

Azure AD B2C specific errors...	`{ "b2c_error": "AADB2C90118" }` `- aad_errcode: field: b2c_error target_field: user_action`
are also supported:	`{ "b2c_error": "AADB2C90118", "user_action": "User password reset requested" }`

Unknown Error Codes

Unrecognized error codes...	`{ "unknown_error": 99999 }` `- aad_errcode: field: unknown_error`
default to "Unassigned":	`{ "unknown_error": "Unassigned" }`

Synopsis​

Schema​

Configuration​

Details​

Examples​

Basic Usage​

Using Target Field​

Authentication Errors​

Password Related Errors​

Conditional Access Errors​

B2C Error Codes​

Unknown Error Codes​