Unable to Switch Directory in Azure Portal

Nacho Tech 1 Reputation point
2023-01-09T17:52:36.987+00:00

I keep receiving the error:

Sign-in failed
Error code: AADSTS50079
Error message: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access

However, the account does have MFA enabled (it prompts me at every sign in).

Microsoft Security Microsoft Entra Microsoft Entra ID

2 answers

  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2023-01-30T16:38:12.6466667+00:00

    @Nacho Tech Thank you for your post!

    Error Message: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access.

    From your error message, I was able to find it within our Azure AD Authentication and authorization error codes documentation and it looks like there could've been a configuration change that is causing your sign-in to fail.

    > UserStrongAuthEnrollmentRequired - Due to a configuration change made by the admin such as a Conditional Access policy, per-user enforcement, or because the user moved to a new location, the user is required to use multi-factor authentication. Either a managed user needs to register security info to complete multi-factor authentication, or a federated user needs to get the multi-factor claim from the federated identity provider.

    • Since there aren't any other admins within your tenant, did you recently update your tenant's MFA settings?
    • Are you using Azure SQL Database with Azure AD Multi-Factor Authentication?
    • Do you have any users that can log in and that have permissions to edit any CA policies that might be enforcing this MFA config?

    Any additional details or screenshots would be greatly appreciated!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


  2. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2023-01-30T16:38:33.87+00:00

    @Nacho Tech

    Thank you for following up on this and for sharing your error details!

    Error Message:

    AADSTS90072: User account 'xxxxxxx' from identity provider 'live.com' does not exist in tenant 'Microsoft Services'... The account needs to be added as an external user in the tenant first....

    I looked into your Correlation ID, and it looks like the user you used when signing into aka.mset doesn't exist in the tenant. For more info - Error AADSTS50020 - User account from identity provider does not exist in tenant.


    Going back to your initial error message - AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access.

    • Are you or any other users still able to log into your tenant or gain access to it?
    • Can you revert the changes you made to enable MFA or are you completely locked out of your tenant?

    Related Issue:

    AADSTS50076: Due to a configuration change made by your administrator

    If you have any other questions, please let me know.

    Thank you for your time and patience throughout this issue.
