Not able to connect to Azure AD login API from Apigee proxy

I am trying to connect to Azure AD login API from an Apigee proxy.

I have my Apigee hosted in AWS. When I try to connect to the Azure AD Login API from my trial Apigee account, it's working fine. But when I am making the same request from my AWS Apigee, it's giving a 503 Service Unavailable error. Is there any additional configuration required from the Apigee or Azure side?

 

Azure Login URL : https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/to


@DChiesa Can you help here?

Hi 

I think you're referring to Azure AD LOGIN, right? 

And if you are getting a 503 unavailable .... that generally means there is a network boundary somewhere that is preventing access from Apigee into that URL.  

From what you've described, I think that the Azure AD login endpoint is not the issue. It is unchanged, right?  You can reach it from Apigee trial, but not from "your AWS Apigee", right? 

Since the Azure login API is not changed, then... it is probably not the Azure login API that is the problem. 

You can reach it from Apigee trial, which means the Azure login API endpoint is accessible from the Internet.

You cannot reach it (get 503 unavailable) from "your AWS Apigee". What exactly is your AWS Apigee?  Is that an OPDK system? 

If you are hosting your own Apigee OPDK in AWS, then.... it sounds to me that the reason for the 503 unavailable is, you haven't configured the AWS EC2 systems to allow outbound internet access.

Is your AWS Apigee an OPDK setup in a VPC? If it's the case, you may need to clear the network blockages like firewall and things.

@dchiesa1  @sillan_dt 

Yes, we have our Apigee set up in a VPC. Also, we have configured AWS EC2 systems to allow outbound internet access. We are getting responses from other services.

Also, if I hit the same login URL (https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token) from the AWS terminal, it is giving me a response.

But when I try to call it via the Apigee proxy, it is giving a service unavailable error.

Can you try a curl from the message processor terminal? If it's working, check with all message processors. If all look good, then something needs to be configured in the proxy. If it's not working, then involve your network team to find out where the blockage is.

@Ajitav So I tested the actual https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token from the message processor terminal; I got the correct response. But when I use my Apigee proxy URL to test it, I got a 503 error.