Skip to main content

MS Graph AADSTS50076 Error

Jack Pitney
Updated

The AADSTS50076 error indicates that multi-factor authentication (MFA) is now required for your account due to a recent configuration change, moving to a new location, or a security policy. To fix this, your administrator can revoke your MFA sessions, you may need to re-register your authentication methods, or you might need to use a different authentication flow if MFA is a new requirement. [1, 2, 3, 4, 5]

For users experiencing the error

  • Contact your administrator: The most direct solution is to have your administrator revoke your MFA sessions in the Microsoft Entra portal, as suggested by Microsoft Learn users.
  • Go through the MFA setup again: After your administrator revokes your sessions, you should be able to log in again and be prompted to set up your authentication methods (like the Microsoft Authenticator app) as if for the first time.
  • Check your location: If you've recently traveled, the "moved to a new location" flag might be set, triggering MFA. Your administrator can investigate sign-in logs or conditional access policies for this. [1, 2, 3, 5, 6]

For administrators

  • Revoke MFA sessions: Go to Microsoft Entra ID > Users, select the affected user, and under "Authentication methods," select "Revoke multifactor authentication sessions".
  • Examine sign-in logs: Use the sign-in logs in the Microsoft Entra admin center to find more details on why MFA is being triggered.
  • Check security policies: Review any recent changes to your tenant's security settings, such as new or updated MFA policies, Conditional Access policies, or Security Defaults that may be enforcing MFA.
  • Consider the authentication flow: If MFA is a permanent requirement, you may need to adjust how your application or service handles authentication to support the MFA challenge, or use an authorization code flow, as discussed on Stack Overflow. [1, 2, 4, 6, 7]

 

[1] https://learn.microsoft.com/en-us/answers/questions/1484975/oauth2-token-endpoint-getting-error-interaction-re

[2] https://learn.microsoft.com/en-us/answers/questions/2277876/aadsts50076

[3] https://learn.microsoft.com/en-sg/answers/questions/1337701/aadsts50076-due-to-a-configuration-change-made-by

[4] https://dell-help.druva.com/en/articles/12179478-exchange-online-backups-failing-with-euauth-caused-by-mfa-configuration-change-aadsts50076

[5] https://desk.cozyroc.com/portal/en/kb/articles/error-message-aadsts50076-due-to-a-configuration-change-made-by-your-administrator-or-because-you-moved-to-a-new-location-you-must-use-multi-factor-authentication-to-access

[6] https://learn.microsoft.com/en-us/answers/questions/1288552/how-to-fix-the-error-aadsts50076-due-to-a-configur

[7] https://stackoverflow.com/questions/76460724/aad-outh-generate-token-failure-aadsts50076

Comments

0 comments

Article is closed for comments.

Powered by Zendesk