I have upgraded Entra Connect Sync. I am getting an error while upgrading the configuration, like this:
Configure AAD Sync
An error occurred executing Configure AAD Sync task: System.InvalidOperationException: There was an issue obtaining cloud sync intervals ---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 30899e49-84c1-43e1-9ad5-272f73b4e600 Correlation ID: 4db1d100-d056-40d5-aaae-8572bfa3a79b Timestamp: 2024-11-11 16:02:18Z
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AuthenticateMSAL(AzureService azureService, String userName, SecureString password, Boolean useCachedToken, String& accessToken, String& errorCode, String& additionalDetails, Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& serviceEndpoint, String& errorCode, String& additionalDetail, AuthenticationStatus& status, Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& serviceEndpoint, String& additionalDetail, AuthenticationStatus& status, Boolean throwOnException)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azureService, String& additionalDetail, Boolean throwOnException)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.InitializeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initialize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   --- End of inner exception stack trace ---
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , ConfigAttrNode* pcanList, UInt32 ccanItems, Char ** syncSettingsSerialized, Char ** errorString)
I have tried to set an exception from MFA and Conditional Access for the admin account used for setting Sync, but the result is the same.
Any proposition?
Hello, this looks like conditional access is enabled on your synchronization account.
You need to remove this account from CAP policies.
You can mark it 'Accept Answer' and 'Upvote' if this helped you.
Regards,
Abiola
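
One way to check which Conditional Access policies still require MFA from a given account, as an added example that is not part of the original thread: it evaluates policies in the Microsoft Graph conditionalAccessPolicy JSON shape against one account and the resource ID from the error. The function names, account IDs and sample policies are constructed for illustration, and per-user MFA and security defaults are outside what it checks.

```python
# Added example. Policy dicts follow the Microsoft Graph conditionalAccessPolicy
# JSON shape; every account ID and policy below is constructed sample data.
RESOURCE = "00000002-0000-0000-c000-000000000000"  # resource in the AADSTS50079 error
SYNC_ROLE = "d29b2b05-8046-44ba-8758-1e26182fcf32"  # Directory Synchronization Accounts role

def _matches(users, kind, account):
    """True if the include*/exclude* lists of a users condition hit the account."""
    ids = set(users.get(kind + "Users") or [])
    groups = set(users.get(kind + "Groups") or [])
    roles = set(users.get(kind + "Roles") or [])
    return bool("All" in ids or account["id"] in ids
                or groups & account["groups"] or roles & account["roles"])

def mfa_policies_for(policies, account, resource=RESOURCE):
    """Names of enforced policies that cover the account and require MFA."""
    # Only user and application conditions are evaluated, so a listed policy
    # may still be narrowed by location, platform or client-app conditions.
    found = []
    for p in policies:
        cond = p.get("conditions") or {}
        users, apps = cond.get("users") or {}, cond.get("applications") or {}
        grant = p.get("grantControls") or {}
        inc = set(apps.get("includeApplications") or [])
        exc = set(apps.get("excludeApplications") or [])
        app_hit = ("All" in inc or resource in inc) and resource not in exc
        wants_mfa = ("mfa" in (grant.get("builtInControls") or [])
                     or bool(grant.get("authenticationStrength")))
        if (p.get("state") == "enabled" and app_hit and wants_mfa
                and _matches(users, "include", account)
                and not _matches(users, "exclude", account)):
            found.append(p["displayName"])
    return found

def _policy(name, users, controls=("mfa",), state="enabled"):
    """Constructed sample policy that targets all applications."""
    return {"displayName": name, "state": state,
            "conditions": {"users": users, "applications": {"includeApplications": ["All"]}},
            "grantControls": {"operator": "OR", "builtInControls": list(controls)}}

SYNC_ACCOUNT = {"id": "11111111-1111-1111-1111-111111111111",
                "groups": set(), "roles": {SYNC_ROLE}}
SAMPLE = [
    _policy("MFA for all users, setup admin excluded",
            {"includeUsers": ["All"], "excludeUsers": ["22222222-2222-2222-2222-222222222222"]}),
    _policy("MFA for all users, sync role excluded",
            {"includeUsers": ["All"], "excludeRoles": [SYNC_ROLE]}),
    _policy("MFA for all users, report-only", {"includeUsers": ["All"]},
            state="enabledForReportingButNotEnforced"),
    _policy("Block all users", {"includeUsers": ["All"]}, controls=("block",)),
]
print(mfa_policies_for(SAMPLE, SYNC_ACCOUNT))
```

In the constructed sample, only the policy that excludes a different account by ID is reported for the synchronization account; the policy that excludes the Directory Synchronization Accounts role is not.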