How to fix the error "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

Francescopio Pascale 85 Reputation points
2023-05-20T14:30:45.38+00:00

Hello, I am trying to make a request to obtain the token "https://login.microsoftonline.com/organizations/oauth2/v2.0/token" where I have set all the various fields in the body, such as client_id, scope, username, password, client_secret and grant_type = password. However, I get this error: "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access". I tried to remove multi-factor authentication in Azure, but I noticed that it's not actually enabled, so it's like it's set by default. How can I fix it?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

7 answers

  1. Dillon Silzer 54,731 Reputation points
    2023-05-20T15:58:31.6933333+00:00

    Hello Francescopio,

    I'd recommend checking three things:

    1. Check if security defaults are turned on (which enforces MFA).
    2. Check whether you have a sign-in risk on your account. If there is a sign-in risk policy that enforces MFA, then this could be your issue.
    3. Check for Conditional Access Policies that enforce MFA on your account.

    You could also take a deeper look into your sign-in logs in Azure Active Directory to get more details on the message.

    Hopefully this helps.


    If this is helpful please accept answer.

    1 person found this answer helpful.

  2. Infinity Solutions Arizona 5 Reputation points
    2023-10-19T04:42:33.83+00:00

    Just ran into this issue today. It had to do with Entra MFA enforcement. Go to your Entra MFA security management and disable the enforcement policies for the account used for the AAD sync. I still have legacy MFA enabled no problem and didn't drill down yet to see exactly which policy killed it, but that should get anyone experiencing the issue headed in the right direction. I'll post more as I play with it more later (it's late here!).

    1 person found this answer helpful.

  3. Karl Wester-Ebbinghaus 31 Reputation points MVP
    2023-07-08T20:16:59.7833333+00:00

    Dear @Dillon Silzer, I wanted to onboard WAC. Seeing the same error. Some workflows don't work anymore with MFA accounts.
    Described a workaround for the issue:
    https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2306-is-now-generally-available/bc-p/3869089/highlight/true#M496


  4. Armando Contestabile 0 Reputation points
    2023-08-10T07:29:15.6766667+00:00

    I get the same error trying to sign in with Visual Studio Code to sync the settings in cloud. The account I am using is enabled to use MFA in my work environment.

    "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
    Trace ID: ....
    Correlation ID: ....
    Timestamp: 2023-08-10 07:23:22Z"


  5. DickvanStraaten-8214 0 Reputation points
    2023-08-10T19:40:18.57+00:00

    I have the same error message:

    Invalid_grant: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

    Strange message because multi-factor authentication is enabled and configured. But I do notice an error message in the console of the browser:

    Failed to load resource: the server responded with a status of 400 (Bad Request), https://login.microsoftonline.com/be501e6b-bfb7-4e76-9d03-2c567ac6d8a6/oauth2/v2.0/token

    When I follow the link I receive another error:

    AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

    In the log I found the message that MFA was interrupted by the User, while I never received an MFA request. I guess the exception in the console is causing the interruption. Doesn't seem like something my administrator can fix?
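
An added example, not part of any answer in this thread: a small Python triage helper for the 400 response body the token endpoint returns with AADSTS50076, pulling out the error codes and the correlation/trace IDs needed to find the matching entry in the sign-in logs. The sample body is constructed with placeholder GUIDs; the JSON field names are assumed to be the ones the v2.0 token endpoint uses in its error responses, with a fallback to the plain-text form quoted in the answers above.

```python
import json
import re

# AADSTS codes that mean the sign-in must go through an interactive flow.
# Names follow Microsoft's published AADSTS error-code list.
INTERACTION_CODES = {
    50076: "UserStrongAuthClientAuthNRequired (MFA required)",
    50079: "UserStrongAuthEnrollmentRequired (MFA registration required)",
}

def triage_token_error(body: str) -> dict:
    """Extract what is needed to look the failure up in the sign-in logs."""
    data = json.loads(body)
    desc = data.get("error_description", "")
    # Prefer the structured field; fall back to the AADSTS prefix in the text.
    codes = data.get("error_codes") or [
        int(c) for c in re.findall(r"AADSTS(\d+)", desc)
    ]

    def from_text(label):
        # IDs also appear as "Label: <guid>" lines inside error_description.
        m = re.search(rf"{label}:\s*([0-9a-fA-F-]{{36}})", desc)
        return m.group(1) if m else None

    hits = [c for c in codes if c in INTERACTION_CODES]
    return {
        "error": data.get("error"),
        "codes": codes,
        "correlation_id": data.get("correlation_id") or from_text("Correlation ID"),
        "trace_id": data.get("trace_id") or from_text("Trace ID"),
        "interaction_required": bool(hits),
        "reasons": [INTERACTION_CODES[c] for c in hits],
    }

# Constructed sample (placeholder GUIDs), shaped like a token-endpoint 400 body.
SAMPLE = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50076: Due to a configuration change made by "
        "your administrator, or because you moved to a new location, you must "
        "use multi-factor authentication to access.\r\n"
        "Trace ID: 11111111-1111-1111-1111-111111111111\r\n"
        "Correlation ID: 22222222-2222-2222-2222-222222222222\r\n"
        "Timestamp: 2023-08-10 07:23:22Z",
    "error_codes": [50076],
    "trace_id": "11111111-1111-1111-1111-111111111111",
    "correlation_id": "22222222-2222-2222-2222-222222222222",
})

if __name__ == "__main__":
    print(json.dumps(triage_token_error(SAMPLE), indent=2))
```

When `interaction_required` is true for a `grant_type=password` request, the request itself cannot complete an MFA prompt, so the correlation ID is the key for finding which policy from the first answer's checklist triggered it.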