This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 56.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
Hi Team,
The power shell command to set maximum devices per user is giving below error
code:
$pscredential = New-Object System.Management.Automation.PSCredential($userName, $userPassword)
Connect-MSOlService -Credential $pscredential
Set-MsolDeviceRegistrationServicePolicy -MaximumDevicesPerUser 1 -ErrorAction Stop
Error:
Failed to update maximum devices per user, Error:Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: user_interaction_required: One of two conditions was encountered: 1.
The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user interaction was required. 2. An error occurred during a silent web authentication tha
t prevented the http authentication flow from completing in a short enough time frame
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.WebUI.<AcquireAuthorizationAsync>d__20.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirec
tory\Platforms\net45\WebUI.cs:line 102
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.<AcquireAuthorizationAsync>d__15.MoveNext() in D:\a\1\s\src\Microsoft.IdentityMod
el.Clients.ActiveDirectory\Internal\Flows\AcquireTokenInteractiveHandler.cs:line 178
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.<PreTokenRequestAsync>d__14.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Cl
ients.ActiveDirectory\Internal\Flows\AcquireTokenInteractiveHandler.cs:line 165
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__60.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirecto
ry\Internal\Flows\AcquireTokenHandlerBase.cs:line 241
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__42.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory
\AuthenticationContext.cs:line 608
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__34.MoveNext() in D:\a\1\s\src\Microsoft.IdentityModel.Clients.ActiveDirectory\Authe
nticationContext.cs:line 442
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Online.Administration.Automation.CommonFiles.AuthManager.GetAdrsAuthenticationHeader() in X:\bt\1225946\repo\src\dev\PowerShell.V1\modules\psmodule\CommonFiles\AuthM
anager.cs:line 244
at Microsoft.Online.Administration.Automation.SetDeviceRegistrationServicePolicy.ProcessRecord() in X:\bt\1225946\repo\src\dev\PowerShell.V1\modules\psmodule\Cmdlets\DeviceRegist
rationServiceCmdlets.cs:line 224
ErrorCode: user_interaction_required
It was working a week ago but now we are facing this error.
Kindly help on resolving this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
@Krupa Gundraju (Larsen & Toubro Infotech Limit)
As mentioned above you will have to set " Devices | Device settings | Require Multi-Factor Authentication to register or join devices with Azure AD" to "No" to fix this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
This looks like an authentication issue, and likely because MFA is required. Instead of passing credentials, try connecting via Connect-MsolService without providing any parameters.
In any case, as the MSOnline module is on a deprecation path, consider using the Graph API instead to update the policy: https://learn.microsoft.com/en-us/graph/api/resources/deviceregistrationpolicy?view=graph-rest-beta&viewFallbackFrom=graph-rest-1.0
@Vasil Michev without providing any param I tried connecting Connect-MsolService and now the error is
Set-MsolDeviceRegistrationServicePolicy : AADSTS50072: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in
multi-factor authentication to access 'XXX'. what change could cause this issue? I can revert that particular configuration and test.
We need to automate it priorly using power shell without interactive mode. Is it possible?
Not sure how come it was working a week ago and now it throws error.
Just login in a normal browser window with said user and complete the MFA registration process. As long as you don't force MFA on each login, you will then be able to pass credentials.
Hi @Vasil Michev , MFA is not enabled on this account, and we are able to login with just username and password. but still I can see this error even I tried by not passing any parameters to Connect-MSOlService and authentication is successful, but the command is giving
Set-MsolDeviceRegistrationServicePolicy : AADSTS50072: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in
multi-factor authentication to access 'XXXXX'.
The same command was able to set max devices per user but now it's not working.
All I can tell you is that it works as expected here. And given that the error message you're getting strongly suggests something related to authentication/CA policies/MFA, going over the enrollment process might solve it for you.
The issue here was with Devices | Device settings | Require Multi-Factor Authentication to register or join devices with Azure AD. post setting this to 'no' it is working as expected.
@Krupa Gundraju (Larsen & Toubro Infotech Limit)
Great that you were able to resolve the issue by turning off the setting "Require Multi-Factor Authentication to register or join devices with Azure AD" in Device settings.
As Microsoft Q&A platform doesn't allow you to accept your own answer, I will be posting this as an answer below. Please accept the answer as this will be helpful to other community members reading this thread.