This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 24%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFP%3C/text%3E%3C/svg%3E)
hello I am trying to make a request to obtain the token "https://login.microsoftonline.com/organizations/oauth2/v2.0/token" where I have set all the various fields in the body, such as client_id, scope, username, password, client_secret and grant_type = password. However, I get this error: "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access", I tried to remove multi-factor authentication in Azure, but I noticed that it's not actually enabled, so it's like it's set by default, how can I fix it?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 23%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
I get the same error trying to sign in with Visual Studio Code to sync the settings in cloud. The account I am using is enabled to use MFA in my work environment.
"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: ....
Correlation ID: ....
Timestamp: 2023-08-10 07:23:22Z"
I have the same error message:
Invalid_grant: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.
Strange message because multi-factor authentication is enabled and configured. But I do notice an error message in the console of the browser:
Failed to load resource: the server responded with a status of 400 (Bad Request), https://login.microsoftonline.com/be501e6b-bfb7-4e76-9d03-2c567ac6d8a6/oauth2/v2.0/token
When I follow the link I receive an other error:
AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.
In the log I found the message that MFA was interrupted by the User, while I never received an MFA request. I guess the exception in the console is causing the interruption. Doesn't seem like something my administrator can fix?
Small extra note, in my case I am redirected to https://portal.azure.com.mcas.ms/#home, because defender is active. Could this be related?
We have the same problem. It started a couple of weeks ago. Before it worked fine.
We have 1Password SSO and get this error on Windows PCs. We don't get this error on iPhone using Edge browser.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 22%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Im seeing this same error, but from a terraform script that is trying to access a resource i created using my a/d login/pwd.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 97%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
I have installed Azure AD Powershell.
To use it, I get credentials with e.g. $AzureAdCred = Get-Credential
I am prompted for userid and password. The 365 Identity / Enterprise applications sign-in log says these were accepted successfully. All apparently good so far.
I then try to connect using Connect-AzureAD -Credential $AzureAdCred and receive the AADSTS50076 error.
The 365 Identity / Enterprise Applications sign-in log says:
Status : Interrupted
Application: Azure Active Directory PowerShell
Additional Details: User needs to perform multi-factor authentication
However, the MSFT account has long had MFA switched on, but neither the Get-Credential nor the Connect-AzureAD gave an MFA prompt.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 61%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW6%3C/text%3E%3C/svg%3E)
I get this error when simply reading an item in MS Word Help about predictive text. After showing the associated help text for a couple of seconds, the Help panel switches to showing this error. Our organisation had MFA and I am properly logged on to MS Office/Word, so very weird to get this error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 37%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
This is old, but legacy SharePoint authentication is credential based, and if MFA is required, it prevents legacy SharePoint auth from working. You can use PnP to get a clientContext that uses modern auth- https://pnp.github.io/powershell/cmdlets/Get-PnPContext.html
You'll need to authenticate first using the connect-pnponline command, and that needs to be set up with registering your application https://pnp.github.io/powershell/articles/registerapplication.html
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 52%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
configurar acceso condicional si es que esta deshabilitada las politicas de seguridad predeterminada. se puede usar plantillas de seguridad y excluir a las cuentas de sistema como la que usas en Azure ad connect. tienen un nombre asi "On-Premises Directory Synchronization Service Account"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 10%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
This is indeed a nasty bug and because of this Microsoft Azure kept me me away for three days from subscription that I was given access to. This issue suddenly emerged. When everything was working fine, one fine day I just stopped getting notification to Microsoft Authenticator, without any reason!
Solution is you need your admin (in my case it was my client's admin) to revoke MFA for your user id.
Here the admin has to click on "Require re-register multifactor authentication" and "Revoke multifactor authentication sessions"
This is so bad on the part of Microsoft that they didn't even care to see if authenticator has received or not the notification (verification numbers) they sent to it!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 71%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I had to login with my tenant Id to make this go away. Your tenant Id is in the Azure settings and you then pick your subscription.
az login --tenant (guid)