This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 24%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFP%3C/text%3E%3C/svg%3E)
hello I am trying to make a request to obtain the token "https://login.microsoftonline.com/organizations/oauth2/v2.0/token" where I have set all the various fields in the body, such as client_id, scope, username, password, client_secret and grant_type = password. However, I get this error: "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access", I tried to remove multi-factor authentication in Azure, but I noticed that it's not actually enabled, so it's like it's set by default, how can I fix it?
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 23%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
I get the same error trying to sign in with Visual Studio Code to sync the settings in cloud. The account I am using is enabled to use MFA in my work environment.
"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: ....
Correlation ID: ....
Timestamp: 2023-08-10 07:23:22Z"
I have the same error message:
Invalid_grant: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.
Strange message because multi-factor authentication is enabled and configured. But I do notice an error message in the console of the browser:
Failed to load resource: the server responded with a status of 400 (Bad Request), https://login.microsoftonline.com/be501e6b-bfb7-4e76-9d03-2c567ac6d8a6/oauth2/v2.0/token
When I follow the link I receive an other error:
AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.
In the log I found the message that MFA was interrupted by the User, while I never received an MFA request. I guess the exception in the console is causing the interruption. Doesn't seem like something my administrator can fix?
Small extra note, in my case I am redirected to https://portal.azure.com.mcas.ms/#home, because defender is active. Could this be related?
We have the same problem. It started a couple of weeks ago. Before it worked fine.
We have 1Password SSO and get this error on Windows PCs. We don't get this error on iPhone using Edge browser.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 22%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Im seeing this same error, but from a terraform script that is trying to access a resource i created using my a/d login/pwd.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 97%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
I have installed Azure AD Powershell.
To use it, I get credentials with e.g. $AzureAdCred = Get-Credential
I am prompted for userid and password. The 365 Identity / Enterprise applications sign-in log says these were accepted successfully. All apparently good so far.
I then try to connect using Connect-AzureAD -Credential $AzureAdCred and receive the AADSTS50076 error.
The 365 Identity / Enterprise Applications sign-in log says:
Status : Interrupted
Application: Azure Active Directory PowerShell
Additional Details: User needs to perform multi-factor authentication
However, the MSFT account has long had MFA switched on, but neither the Get-Credential nor the Connect-AzureAD gave an MFA prompt.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 61%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW6%3C/text%3E%3C/svg%3E)
I get this error when simply reading an item in MS Word Help about predictive text. After showing the associated help text for a couple of seconds, the Help panel switches to showing this error. Our organisation had MFA and I am properly logged on to MS Office/Word, so very weird to get this error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 37%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
This is old, but legacy SharePoint authentication is credential based, and if MFA is required, it prevents legacy SharePoint auth from working. You can use PnP to get a clientContext that uses modern auth- https://pnp.github.io/powershell/cmdlets/Get-PnPContext.html
You'll need to authenticate first using the connect-pnponline command, and that needs to be set up with registering your application https://pnp.github.io/powershell/articles/registerapplication.html
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 27%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I solved this issue by re authenticating to my data source from the Power BI web semantic model. (For context, I am working on Power BI web, pulling data from Azure DevOps to "My Workspace.")
I got the following error: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
To solve this:
once you sign in, refresh the semantic model, and the error should be gone.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 71%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I had to login with my tenant Id to make this go away. Your tenant Id is in the Azure settings and you then pick your subscription.
az login --tenant (guid)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
This worked for me to. But first i did az logout.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIS%3C/text%3E%3C/svg%3E)
Just ran into this issue today. It had to do with entrada MFA enforcement. Go to your entrada MFA security management and disable the enforcement policies for the account used for the AAD sync. I still have legacy MFA enabled no problem and didnt drill down yet to see exactly which policy killed it but that should get anyone experiencing the issue headed in the right direction. I'll post more as I play with it more later (it's late here!).
Hello Francescopio,
I'd recommend checking three things:
You could also take a deeper look into your sign-in logs in Azure active Directory to get more details on the message.
Hopefully this helps.
If this is helpful please accept answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 80%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
There only exception that I found is that MFA was interrupted by the user, but this is definitely not the case. As explained in my post the website throws an error, my guess is that this error interrupts the MFA routine.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 34%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Not sure if this helps anyone since it's an old post. But this seems to be happening if you have an conditional access policy that requires MFA. But also have a IP exclusion that does not require MFA..
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 89%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
I have the same problem. I also have conditional policy you mentioned above. Did you find any fix? I am scratching my head for last 3 days on this
For us it was for the 1password application to work. We are now in the 1password beta-program that fixed this issue. Another solution would be to exclude the app from the CA rule. You can then choose to create a new rule for only that app that always requires MFA. So no IP exclusion.
Dear @Dillon Silzer I wanted to onboard WAC. Seeing the same error. Some workflows don't work anymore with MFA accounts
Described a workaround for the issue:
https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2306-is-now-generally-available/bc-p/3869089/highlight/true#M496