Login message says I must use MFA but SignUpSignInFlow says no MFA

Siegfried Heintze 1,861 Reputation points
2020-04-16T18:31:15.373+00:00

When I did an "az login" I received this message:

"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.\r\nTrace ID: 348d5fb2-e91a-476d-b7e1-6d4d787d0400\r\nCorrelation ID: 700a81e3-75c9-47e0-aad5-94bfed299947\r\nTimestamp: 2020-04-16 18:04:46Z","error_codes":[50076],"timestamp":"2020-04-16 18:04:46Z","trace_id":"348d5fb2-e91a-476d-b7e1-6d4d787d0400","correlation_id":"700a81e3-75c9-47e0-aad5-94bfed299947","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"

However, when I go to my SignInSignUp flow, it shows MFA (multifactor Authentication) is disabled. What is going on? Do I have a problem or not?

Thanks
Siegfried

Microsoft Entra External ID

Accepted answer
  1. Siegfried Heintze 1,861 Reputation points
    2020-05-05T23:22:14.56+00:00

    I just had a nice session with Brice from Azure support.

    As part of a Microsoft AADB2C tutorial, I had created another Azure directory/B2C tenant. I was not aware that this process had also created another user account. I don't know what this account is for -- I don't remember needing it for the AADB2C tutorial (so far). Deleting this new user account seems to have solved the problem (which was just an error message).

    Thank you Brice

    Siegfried


7 additional answers

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-05-04T06:34:09.16+00:00

    @Siegfried Heintze , I tracked the error based on the correlation ID that you shared and found that Security Defaults applied to Azure CLI.

    Since you have disabled Security Defaults, I would suggest that you close any existing PowerShell/Azure CLI sessions where you are trying az login and start a new session. It looks like the change will take effect in a new session.

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


  2. Siegfried Heintze 1,861 Reputation points
    2020-05-04T16:35:32.37+00:00

    OK, I have taken your advice and I have logged out ("az logout") a second time to confirm that I am logged out.

    I now do "az login" again and get a very similar message. While it does not seem to be causing any problem, I'm hesitant to ignore it without understanding it better.

    WARNING: You have logged in. Now let us find all the subscriptions to which you have access...
    

    WARNING: Failed to authenticate '{'additional_properties': {}, 'id': '/tenants/1e694636-92fd-4ca7-b666-d0545514eb69', 'tenant_id': '1e694636-92fd-4ca7-b666-d0545514eb69'}' due to error 'Get Token request returned http error: 400 and server response: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.\r\nTrace ID: e1cc0115-d02f-4446-ac27-cc6b71376400\r\nCorrelation ID: 5d598d3c-c264-47bf-9154-f13d1a42f4c5\r\nTimestamp: 2020-05-04 16:23:21Z","error_codes":[50076],"timestamp":"2020-05-04 16:23:21Z","trace_id":"e1cc0115-d02f-4446-ac27-cc6b71376400","correlation_id":"5d598d3c-c264-47bf-9154-f13d1a42f4c5","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}'

    [
      {
        "cloudName": "AzureCloud",
        "id": "acc26051-92a5-4ed1-a226-64a187bc27db",
        "isDefault": true,
        "name": "Azure subscription 1",
        "state": "Enabled",
        "tenantId": "7a838aec-0b9e-4856-a3b5-2b02613f36a2",
        "user": {
          "name": "sheintze@hotmail.com",
          "type": "user"
        }
      }
    ]
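
Added example (not part of the thread and not Azure CLI code): the tenant ID in the `Failed to authenticate` warning can be compared with the `tenantId` of the subscriptions that `az login` returned, to see which directory the AADSTS50076 response came from. The function names are hypothetical, the sample warning is abridged from the output quoted above, and the sketch assumes `az login` requests a token for every directory the account belongs to.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
MARK = "server response: "

# Sample input: abridged from the az login output quoted in the thread
# (same IDs; description and trace ID shortened with "...").
WARNING = r"""WARNING: Failed to authenticate '{'additional_properties': {}, 'id': '/tenants/1e694636-92fd-4ca7-b666-d0545514eb69', 'tenant_id': '1e694636-92fd-4ca7-b666-d0545514eb69'}' due to error 'Get Token request returned http error: 400 and server response: {"error":"interaction_required","error_description":"AADSTS50076: ... you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.\r\nTrace ID: ...","error_codes":[50076],"correlation_id":"5d598d3c-c264-47bf-9154-f13d1a42f4c5","suberror":"basic_action"}'"""
SUBSCRIPTIONS = [{"name": "Azure subscription 1",
                  "id": "acc26051-92a5-4ed1-a226-64a187bc27db",
                  "tenantId": "7a838aec-0b9e-4856-a3b5-2b02613f36a2"}]


def parse_failed_tenants(cli_output):
    """Return one record per 'Failed to authenticate' warning line."""
    records = []
    for line in cli_output.splitlines():
        tenant = re.search(r"'tenant_id': '(%s)'" % GUID, line)
        start = line.find(MARK)
        if tenant is None or start < 0:
            continue
        # The token endpoint's JSON error body runs up to the last closing brace.
        body = line[start + len(MARK):line.rfind("}") + 1]
        try:
            err = json.loads(body)
        except ValueError:
            err = {}  # truncated or reformatted output: keep the tenant anyway
        res = re.search(r"to access '(%s)'" % GUID, err.get("error_description", ""))
        records.append({
            "tenant_id": tenant.group(1).lower(),
            "error_codes": err.get("error_codes", []),
            "resource": res.group(1) if res else None,
            "correlation_id": err.get("correlation_id"),
        })
    return records


def tenants_without_subscription(records, subscriptions):
    """Failed tenants that own none of the subscriptions az login returned."""
    owners = {s["tenantId"].lower() for s in subscriptions}
    return [r["tenant_id"] for r in records if r["tenant_id"] not in owners]


if __name__ == "__main__":
    failed = parse_failed_tenants(WARNING)
    for r in failed:
        print(r["tenant_id"], r["error_codes"], "resource:", r["resource"])
    print("no subscription in:", tenants_without_subscription(failed, SUBSCRIPTIONS))
```

For the output in this thread, the tenant that demanded MFA is not the tenant that holds "Azure subscription 1", which is consistent with the warning coming from a second directory.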


  3. PtwHub 1 Reputation point
    2020-09-07T18:03:58.867+00:00

    In my case this happened because in my current browser, I had selected a different Azure Directory (Tenant) than the one I was trying to access with the CloudShell. So the /devicelogin was using the code to try and access the AD selected in the browser and not the one I had selected in the CloudShell => Easiest solution: just log out of your browser session and start a new one to do the /devicelogin
