Oath with Azure AD Setup Trouble

We are trying to setup Oath with Azure AD but running into issues getting that to work. Our OSS instance is hosted on our AWS Linux instance.

Our config looks like this:

[auth.azuread]
name = Azure AD
enabled = true
allow_sign_up = true
client_id = ourID
client_secret = oursecret
scopes = openid email profile
auth_url = OAuth 2.0 authorization endpoint (v2) URL
token_url = OAuth 2.0 token endpoint (v2) URL
allowed_domains = ourdomain
allowed_groups = our azure ad security group object id
role_attribute_strict = false

Our redirect URI is: https://monitoring.domain.com:3000/login/azuread

Are these all correct? Do we need to set a root URL?
We are receiving this error when trying to sign in with Microsoft
Sign in

Sorry, but we’re having trouble signing you in.
AADSTS50011: The redirect URI ‘https://localhost:3000/login/azuread’ specified in the request does not match the redirect URIs configured for the application ‘id’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

grafana version? Other basic details?

also try increasing the verbosity of the Grafana server logs to debug and note any errors. For printing to console, set the console logs to debug as well.