Perform the following actions:
Check if Identity Store is configured in the web console.
Check that the values provided during the configuration of Identity Store (Client id, Client Secret, Tenant name, Tenant id) in the web console match those of your App Registration.
Verify that the appropriate API permissions are added and granted to your application. If you do not provide proper permissions to your App Registration, then Azure AD fails to authenticate the user.
Check whether the specific logged-in user or group is assigned to the specified App Role.
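The Client id, Tenant id and App Role checks above can be confirmed from a token issued to the affected user. This is an added example, not part of the product or its documentation: it assumes the sign-in yields a JWT carrying Azure AD's `tid`, `aud` and `roles` claims, and the role value `Console.Admin` and both GUIDs are constructed placeholders.

```python
import base64
import json


def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying the signature.

    Troubleshooting only: never make an access decision on unverified claims.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(claims: dict, client_id: str, tenant_id: str, app_role: str) -> list:
    """Compare token claims with the values configured for the Identity Store."""
    findings = []
    if str(claims.get("tid", "")).lower() != tenant_id.lower():
        findings.append("tid does not match the configured Tenant ID")
    # aud is the Client ID itself, or the default App ID URI api://<client-id>.
    aud = str(claims.get("aud", "")).lower()
    if aud not in (client_id.lower(), f"api://{client_id}".lower()):
        findings.append("aud does not match the configured Client ID")
    roles = claims.get("roles") or []  # absent when no App Role is assigned
    if app_role not in roles:
        findings.append(f"App Role {app_role!r} missing from roles claim {roles}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none", "typ": "JWT"})
    return f"{header}.{enc(claims)}.sig"


# Constructed sample values (placeholders, not from any real tenant).
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
TENANT_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE = make_sample_token({"aud": CLIENT_ID, "tid": TENANT_ID, "roles": []})

if __name__ == "__main__":
    for finding in diagnose(decode_claims(SAMPLE), CLIENT_ID, TENANT_ID, "Console.Admin"):
        print("MISMATCH:", finding)
```

An empty result from `diagnose` means the token agrees with the configured values; the API permission grant from the checklist is not visible in these claims and still has to be checked on the App Registration.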