diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md
index 69eb45ffb7..7462bb7fcb 100644
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md
@@ -133,9 +133,16 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/
 ```sh reference
 https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/microsoft-graph-security-api/example.tf
 ```
+## Troubleshooting
+
+### 403 Error with "Account is not provisioned"
+
+
+The "**Unauthorized request - Account is not provisioned**" error occurs when Microsoft Defender For Cloud hasn't started collecting alerts. This issue is explained [here](https://stackoverflow.com/questions/79380921/microsoft-graph-api-security-alerts-v2-gives-error-unauthorized-request-acco). Make sure to go to your Microsoft Defender for Cloud account, click on **Incidents** and then **Alerts**. If it's the first time, you will see a screen loading the information. Once you see the list of alerts screen, restart your source and you should no longer see the error.
 
 ## FAQ
 
+
 :::info
 Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources.
 :::