diff --git a/src/deployment/registration.py b/src/deployment/registration.py
index 827741119..8089ffaab 100644
--- a/src/deployment/registration.py
+++ b/src/deployment/registration.py
@@ -5,6 +5,7 @@
 import argparse
 import logging
+import re
 import time
 import urllib.parse
 from datetime import datetime, timedelta
@@ -85,15 +86,16 @@ OperationResult = TypeVar("OperationResult")
 def retry(
- operation: Callable[[], OperationResult],
+ operation: Callable[[Any], OperationResult],
 description: str,
 tries: int = 10,
 wait_duration: int = 10,
+ data: Any = None,
 ) -> OperationResult:
 count = 0
 while True:
 try:
- return operation()
+ return operation(data)
 except GraphQueryError as err:
 error = err
 # modeled after AZ-CLI's handling of missing application
@@ -279,7 +281,7 @@ def create_application_registration(
 def add_application_password(
 app_object_id: UUID, subscription_id: str
 ) -> Tuple[str, str]:
- def create_password() -> Tuple[str, str]:
+ def create_password(data: Any) -> Tuple[str, str]:
 password = add_application_password_impl(app_object_id, subscription_id)
 logger.info("app password created")
 return password
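Review bot: `retry` now calls `operation(data)` unconditionally, so every callback handed to it must accept a parameter it may never use; `create_password(data: Any)` in the next hunk is the first example, and any caller of `retry` not shown in this diff would fail with a TypeError on its first attempt. Keeping `operation: Callable[[], OperationResult]` and letting the one caller that needs state bind it itself (a closure over its list, or `functools.partial(add_preauthorized_app, app_list)`) would confine the change to that caller. If the parameter stays, `retry` should get a docstring saying that `data` is the same object on every attempt and that a callback may mutate it between tries, since the authorize path relies on exactly that. The body of `retry` continues past the end of the hunk.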
@@ -384,18 +386,36 @@ def authorize_application(
 onefuzz_app_id = onefuzz_app["id"]
- def add_preauthorized_app() -> None:
- query_microsoft_graph(
- method="PATCH",
- resource="applications/%s" % onefuzz_app_id,
- body={
- "api": {
- "preAuthorizedApplications": preAuthorizedApplications.to_list()
- }
- },
- )
+ def add_preauthorized_app(app_list: List[Dict]) -> None:
+ try:
+ query_microsoft_graph(
+ method="PATCH",
+ resource="applications/%s" % onefuzz_app_id,
+ body={"api": {"preAuthorizedApplications": app_list}},
+ )
+ except GraphQueryError as e:
+ m = re.search(
+ "Property PreAuthorizedApplication references "
+ "applications (.*) that cannot be found.",
+ e.message,
+ )
+ if m:
+ invalid_app_id = m.group(1)
+ if invalid_app_id:
+ for app in app_list:
+ if app["appId"] == invalid_app_id:
+ logger.warning(
+ f"removing invalid id {invalid_app_id} for the next request"
+ )
+ app_list.remove(app)
- retry(add_preauthorized_app, "authorize application")
+ raise e
+
+ retry(
+ add_preauthorized_app,
+ "authorize application",
+ data=preAuthorizedApplications.to_list(),
+ )
 except AuthenticationError:
 logger.warning("*** Browse to: %s", FIX_URL % onefuzz_app_id)
 logger.warning("*** Then add the client application %s", registration_app_id)
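Review bot: In the new `except GraphQueryError` branch of `add_preauthorized_app`, `app_list.remove(app)` runs inside `for app in app_list`, so the element after each removal is skipped; `app_list[:] = [a for a in app_list if a["appId"] != invalid_app_id]` filters without mutating the list during iteration. The decision to drop a pre-authorized client rests on parsing the Graph error text with a pattern whose `.` is unescaped and whose `(.*)` captures whatever follows "applications". If the service ever names several ids or rewords the message, nothing is removed and `retry` presumably resends the identical PATCH until `tries` runs out, so a comment recording the exact message this was written against would help the next maintainer. The warning is the only trace that an entry was left out of the list that gets PATCHed, and `logger.warning("removing invalid id %s for the next request", invalid_app_id)` would match the lazy-args form of the other warnings in this hunk; `raise e` can also be a bare `raise`. The enclosing `authorize_application` and its `try:` begin outside the hunk.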