AADSTS50076:

Question

AADSTS50076:

Eleanor Delaney 0

{

"statusCode": 400,

"headers": {

"Cache-Control": "no-store, no-cache",

"Pragma": "no-cache",

"Strict-Transport-Security": "max-age=31536000; includeSubDomains",

"X-Content-Type-Options": "nosniff",

"P3P": "CP="DSP CUR OTPi IND OTRi ONL FIN"",

"x-ms-request-id": "06276611-9b07-4307-90a6-cb0066d80100",

"x-ms-ests-server": "2.1.20824.5 - SCUS ProdSlices",

"x-ms-srs": "1.P",

"Content-Security-Policy-Report-Only": "object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-2bYaKS5y5orjXxhJcxrUUg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All",

"X-XSS-Protection": "0",

"Set-Cookie": "fpc=ArPrY6m8tktHowNg2X6y3qjjNfLtAQAAAKvjvt8OAAAA; expires=Thu, 19-Jun-2025 20:57:15 GMT; path=/; secure; HttpOnly; SameSite=None,x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly,stsservicecookie=estsfd; path=/; secure; samesite=none; httponly",

"Date": "Tue, 20 May 2025 20:57:15 GMT",

"Content-Type": "application/json; charset=utf-8",

"Expires": "-1",

"Content-Length": "635"

},

"body": {

"error": "invalid_grant",

"error_description": "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID: 06276611-9b07-4307-90a6-cb0066d80100 Correlation ID: aaf737a1-23d2-42f7-9c03-cf1ec58dc57b Timestamp: 2025-05-20 20:57:15Z",

"error_codes": [

50076

],

"timestamp": "2025-05-20 20:57:15Z",

"trace_id": "06276611-9b07-4307-90a6-cb0066d80100",

"correlation_id": "aaf737a1-23d2-42f7-9c03-cf1ec58dc57b",

"error_uri": "https://login.microsoftonline.com/error?code=50076",

"suberror": "basic_action"

0 comments

2 answers

Your answer

Answer 1

Hi @Eleanor Delaney ,
This error: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000' indicates that your tenant now requires Multi-Factor Authentication (MFA) for the access scenario in use.

Since the resource in question ('00000003-0000-0000-c000-000000000000') is Microsoft Graph, it’s unlikely that you’re using the ROPC flow.

Recommended Actions:

Examine Sign-In Logs: To gain more insight into why this error is triggered, inspect the Azure AD sign-in logs. In particular, check the details associated with the correlation ID aaf737a1-23d2-42f7-9c03-cf1ec58dc57b to determine which Conditional Access policies were applied during the sign-in attempt.

Check Tenant Security Settings: Please review any recent changes to your tenant’s security policies in the Azure portal. Verify under Azure Active Directory > Security > Conditional Access as well as under Azure Active Directory > Properties > Manage Security Defaults if there are any policies enforcing MFA based on location, risk, or other factors.

If the above answer was helpful and resolved your query, do click "Accept Answer" and "Yes" for was this answer helpful.

Best regards,
Eric

Answer 2

Akhilesh Vallamkonda 15,355 Moderator

Hi @Eleanor Delaney

I understand that you are encountering the error AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. To address this issue, if you are the admin of your tenant try any of the following solutions.

Disable MFA for the affected user account.
Sign in to Microsoft Entra portal using Authentication Administrator(Least Privileged role) or with Global Administrator(Highest Privileged role) in the affected user's tenant and go to Microsoft Entra ID -> Users -> Select the affected User -> Go to Authentication Methods -> Select Revoke Multi factor Authentication Sessions to revoke the user's MFA settings and check the behavior.

Hope this helps. If you still do not see enough information to isolate the issue, please let me know in the comment section.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Akhilesh Vallamkonda 15,355 Reputation points Moderator

2025-05-26T09:13:30.7433333+00:00

@Eleanor Delaney
Following up to see is my response was helpful. And, if you have any further query and questions, please do let us know in comments section.
Akhilesh Vallamkonda 15,355 Reputation points Moderator

2025-05-27T09:25:11.83+00:00

@Eleanor Delaney
Following up to see is my response was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. If you have any further query and questions, please do let us know in comments section.
Eleanor Delaney 0 Reputation points

2025-05-28T17:07:52.2533333+00:00

hi there, thanks for your help (I'm new to this) its seems to be that the owner of the flow needs MTA turned off or be in a condition group setting. I'm working on creating a new user as I'm a one man show and global admin, MTA cannot be turned off for that

Share via

AADSTS50076:

2 answers

Your answer