I have recently been working on a multi-tenant web application that makes use of delegated permissions. After developing the application for a while, I found that I needed to add another delegated permission to the application, which I did using the normal methods. However, when I tried to make use of the new delegated permission with the test user I had been using for a while, I didn’t get prompted for the application’s consent as I did originally, and I ran into the error:
It’s not very clear from the documentation that adding an ACL also affects internal virtual network communication as well as external endpoint access on the port defined. For example: if you have two machines in different services connected via the same virtual network and are using the internal subnet IP for communication, the ACL will be applied to the traffic on the internal IP as well as the external IP/endpoint you apply it to, even if you’re not accessing the port via the external IP/endpoint.
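The caveat above as a worked configuration, added here as an example and not taken from the original post. It assumes the classic (Service Management) Azure PowerShell module, where endpoint ACLs are built with New-AzureAclConfig / Set-AzureAclConfig and attached with Set-AzureEndpoint, and it relies on the classic ACL rule that once any Permit rule exists, unmatched sources are denied. The service, VM and endpoint names and the subnets are hypothetical placeholders; the ACL-applies-to-internal-traffic behaviour is as the post describes.

```powershell
# Added example, not code from the original post. Assumes the classic (Service
# Management) Azure PowerShell module. All names and subnets are hypothetical.

$serviceName  = 'web-svc'          # hypothetical cloud service hosting the VM
$vmName       = 'web-vm-01'        # hypothetical VM name
$endpointName = 'SQL'              # hypothetical endpoint on TCP 1433
$officeIp     = '203.0.113.10/32'  # hypothetical external admin address (TEST-NET-3 range)
$vnetSubnet   = '10.0.1.0/24'      # hypothetical internal subnet of the peer service in the same VNet

# Weak: only the external caller is permitted. Because the ACL is also enforced on
# traffic that reaches the port via the internal VNet IP, the peer VM in the other
# service is denied as soon as this single Permit rule exists.
$weakAcl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $weakAcl -Action Permit -RemoteSubnet $officeIp `
    -Order 100 -Description 'Permit office address'

# Corrected: permit the internal subnet explicitly, ahead of the external rule, so
# VNet-internal traffic keeps working while the public endpoint stays restricted.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $acl -Action Permit -RemoteSubnet $vnetSubnet `
    -Order 100 -Description 'Permit peer service via internal VNet subnet'
Set-AzureAclConfig -AddRule -ACL $acl -Action Permit -RemoteSubnet $officeIp `
    -Order 200 -Description 'Permit office address on the public endpoint'

# Attach the corrected ACL to the existing endpoint and push the VM update.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureEndpoint -Name $endpointName -Protocol tcp -LocalPort 1433 -PublicPort 1433 -ACL $acl |
    Update-AzureVM

# Check: list the rules now attached to the endpoint; the internal subnet should
# appear as a Permit rule before the external address.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureAclConfig -EndpointName $endpointName
```

After applying the corrected ACL, verify from the peer VM that the port is reachable on the internal IP, and from an address outside both permit rules that it is not; if the peer VM lives in a subnet other than the one in the Permit rule, widen or add the rule rather than relying on the internal path being exempt.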