Check this Microsoft article https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes
The error message AADSTS50074: Strong Authentication is required indicates that Azure Active Directory (AAD) requires multi-factor authentication (MFA) for your account, but the authentication process is not being completed successfully. This is a common issue when using tools like Data Migration Assistant that interact with Azure services.
Here are some steps you can take to resolve this issue:
1. Ensure MFA is Properly Configured
- Verify that your Azure account has MFA enabled and that you are using the correct method (e.g., Microsoft Authenticator app, SMS, or email) to complete the authentication.
- If you are using the Microsoft Authenticator app, ensure that the app is set up correctly and that you are approving the notification or entering the correct code.
2. Clear Cached Credentials
- Sometimes, cached credentials can cause issues. Clear any cached Azure credentials on your machine:
  - On Windows, go to Control Panel > Credential Manager and remove any stored Azure credentials.
  - Alternatively, you can use the az logout command if you have the Azure CLI installed.
3. Use a Different Authentication Method
- If the Microsoft Authenticator app is not working, try using a different MFA method, such as SMS or email.
- You can configure additional MFA methods in the Azure portal:
  - Go to the Azure portal.
  - Navigate to Azure Active Directory > Security > MFA.
  - Add or update your MFA methods.
4. Check Conditional Access Policies
- Your organization might have Conditional Access policies that restrict access from certain locations or devices. Check with your Azure administrator to ensure that your account is not blocked by such policies.
5. Use a Service Principal or Managed Identity
- If you are repeatedly facing issues with user credentials, consider using a Service Principal or Managed Identity for authentication:
  - A Service Principal is an identity created for applications to access Azure resources.
  - A Managed Identity is an automatically managed identity in Azure Active Directory for Azure services.
- You can create a Service Principal using the Azure CLI:
  az ad sp create-for-rbac --name "DataMigrationAssistant"
- Use the Service Principal credentials (Client ID, Tenant ID, and Client Secret) in the Data Migration Assistant.
6. Check for Azure AD Tenant Restrictions
- If your organization has restrictions on which tenants can be accessed, ensure that your Azure AD tenant is allowed. This is often configured in Azure AD > External Identities > Cross-tenant access settings.
7. Update Data Migration Assistant
- Ensure that you are using the latest version of the Data Migration Assistant. Older versions may have compatibility issues with Azure authentication.
8. Contact Your Azure Administrator
- If none of the above steps work, contact your Azure administrator to:
  - Verify that your account has the necessary permissions to access Azure subscriptions.
  - Check if there are any restrictions or policies blocking your access.
9. Review Azure Activity Logs
- The Trace ID and Correlation ID in the error message can be used to investigate the issue further. Your Azure administrator can use these IDs to review the Azure AD logs and identify the root cause.
Example of Using Service Principal with Data Migration Assistant:
- Create a Service Principal:
  az ad sp create-for-rbac --name "DataMigrationAssistant"
- Assign the necessary roles to the Service Principal:
  az role assignment create --assignee <Client ID> --role "Contributor" --scope /subscriptions/<Subscription ID>
- Use the Service Principal credentials in the Data Migration Assistant:
  - Client ID
  - Client Secret
  - Tenant ID
If you continue to face issues, provide the Trace ID and Correlation ID to your Azure administrator or Microsoft Support for further investigation. https://learn.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request
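For the administrator-side review in steps 4 and 9, the following added example (not part of the original answer) filters an exported sign-in log by Correlation ID and reports which Conditional Access policies failed the sign-in. It assumes a JSON export whose records use the Microsoft Graph signIn field names; the sample records, IDs and policy names are constructed, and `explain_failures` is a hypothetical helper.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records (sign-in log
# export). Every ID, user, app and policy name below is made up.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2024-05-01T09:12:03Z",
     "correlationId": "11111111-AAAA-4BBB-8CCC-000000000001",
     "userPrincipalName": "user@example.com",
     "appDisplayName": "Example Migration Tool",
     "status": {"errorCode": 50074,
                "failureReason": "Strong Authentication is required."},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA for Azure management",
          "result": "failure", "enforcedGrantControls": ["Mfa"]},
         {"displayName": "Block legacy authentication",
          "result": "notApplied", "enforcedGrantControls": []}]},
    # Same correlation ID, later success after the MFA prompt was completed.
    {"createdDateTime": "2024-05-01T09:12:41Z",
     "correlationId": "11111111-aaaa-4bbb-8ccc-000000000001",
     "userPrincipalName": "user@example.com",
     "status": {"errorCode": 0},
     "appliedConditionalAccessPolicies": None},
    # Unrelated failure that must not be reported.
    {"correlationId": "22222222-aaaa-4bbb-8ccc-000000000002",
     "status": {"errorCode": 50074}},
])

def explain_failures(export_json, correlation_id):
    """Failed sign-ins for one Correlation ID, with the policies that failed."""
    wanted = correlation_id.strip().lower()   # GUID case varies between tools
    findings = []
    for event in json.loads(export_json):
        if str(event.get("correlationId", "")).lower() != wanted:
            continue
        status = event.get("status") or {}
        if status.get("errorCode", 0) == 0:   # 0 means the sign-in succeeded
            continue
        policies = event.get("appliedConditionalAccessPolicies") or []
        findings.append({
            "time": event.get("createdDateTime"),
            "error": "AADSTS%d" % status["errorCode"],
            "reason": status.get("failureReason", ""),
            "failed_policies": [(p.get("displayName"), p.get("enforcedGrantControls", []))
                                for p in policies if p.get("result") == "failure"],
        })
    return findings

if __name__ == "__main__":
    for f in explain_failures(SAMPLE_EXPORT, "11111111-aaaa-4bbb-8ccc-000000000001"):
        print(f)
```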