How to fix the error "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

Question

How to fix the error "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

Francescopio Pascale 95

hello I am trying to make a request to obtain the token "https://login.microsoftonline.com/organizations/oauth2/v2.0/token" where I have set all the various fields in the body, such as client_id, scope, username, password, client_secret and grant_type = password. However, I get this error: "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access", I tried to remove multi-factor authentication in Azure, but I noticed that it's not actually enabled, so it's like it's set by default, how can I fix it?

Armando Contestabile 0 Reputation points

2023-08-10T07:29:15.6766667+00:00

I get the same error trying to sign in with Visual Studio Code to sync the settings in cloud. The account I am using is enabled to use MFA in my work environment.

"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: ....
Correlation ID: ....
Timestamp: 2023-08-10 07:23:22Z"
Dick van Straaten 0 Reputation points

2023-08-10T19:40:18.57+00:00

I have the same error message:

Invalid_grant: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

Strange message because multi-factor authentication is enabled and configured. But I do notice an error message in the console of the browser:

Failed to load resource: the server responded with a status of 400 (Bad Request), https://login.microsoftonline.com/be501e6b-bfb7-4e76-9d03-2c567ac6d8a6/oauth2/v2.0/token

When I follow the link I receive an other error:

AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

In the log I found the message that MFA was interrupted by the User, while I never received an MFA request. I guess the exception in the console is causing the interruption. Doesn't seem like something my administrator can fix?
Dick van Straaten 0 Reputation points

2023-08-10T19:42:04.89+00:00

Small extra note, in my case I am redirected to https://portal.azure.com.mcas.ms/#home, because defender is active. Could this be related?
Floris vdZ 6 Reputation points

2023-08-22T14:39:00.3233333+00:00

We have the same problem. It started a couple of weeks ago. Before it worked fine.

We have 1Password SSO and get this error on Windows PCs. We don't get this error on iPhone using Edge browser.
mike010101 0 Reputation points

2023-09-05T19:45:13.3666667+00:00

Im seeing this same error, but from a terraform script that is trying to access a resource i created using my a/d login/pwd.
Max Stewart 1 Reputation point

2023-09-30T11:32:13.5333333+00:00
I have installed Azure AD Powershell.

To use it, I get credentials with e.g. $AzureAdCred = Get-Credential

I am prompted for userid and password. The 365 Identity / Enterprise applications sign-in log says these were accepted successfully. All apparently good so far.

I then try to connect using Connect-AzureAD -Credential $AzureAdCred and receive the AADSTS50076 error.

The 365 Identity / Enterprise Applications sign-in log says:

Status : Interrupted Application: Azure Active Directory PowerShell Additional Details: User needs to perform multi-factor authentication

However, the MSFT account has long had MFA switched on, but neither the Get-Credential nor the Connect-AzureAD gave an MFA prompt.
WimPOST-6362 0 Reputation points

2023-10-19T07:42:16.21+00:00

I get this error when simply reading an item in MS Word Help about predictive text. After showing the associated help text for a couple of seconds, the Help panel switches to showing this error. Our organisation had MFA and I am properly logged on to MS Office/Word, so very weird to get this error.

8 answers

Your answer

Armando Contestabile 0 Reputation points

2023-08-10T07:29:15.6766667+00:00

I get the same error trying to sign in with Visual Studio Code to sync the settings in cloud. The account I am using is enabled to use MFA in my work environment.

"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: ....
Correlation ID: ....
Timestamp: 2023-08-10 07:23:22Z"
Dick van Straaten 0 Reputation points

2023-08-10T19:40:18.57+00:00

I have the same error message:

Invalid_grant: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

Strange message because multi-factor authentication is enabled and configured. But I do notice an error message in the console of the browser:

Failed to load resource: the server responded with a status of 400 (Bad Request), https://login.microsoftonline.com/be501e6b-bfb7-4e76-9d03-2c567ac6d8a6/oauth2/v2.0/token

When I follow the link I receive an other error:

AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

In the log I found the message that MFA was interrupted by the User, while I never received an MFA request. I guess the exception in the console is causing the interruption. Doesn't seem like something my administrator can fix?
Dick van Straaten 0 Reputation points

2023-08-10T19:42:04.89+00:00

Small extra note, in my case I am redirected to https://portal.azure.com.mcas.ms/#home, because defender is active. Could this be related?
Floris vdZ 6 Reputation points

2023-08-22T14:39:00.3233333+00:00

We have the same problem. It started a couple of weeks ago. Before it worked fine.

We have 1Password SSO and get this error on Windows PCs. We don't get this error on iPhone using Edge browser.
mike010101 0 Reputation points

2023-09-05T19:45:13.3666667+00:00

Im seeing this same error, but from a terraform script that is trying to access a resource i created using my a/d login/pwd.
Max Stewart 1 Reputation point

2023-09-30T11:32:13.5333333+00:00

I have installed Azure AD Powershell.

To use it, I get credentials with e.g. $AzureAdCred = Get-Credential

I am prompted for userid and password. The 365 Identity / Enterprise applications sign-in log says these were accepted successfully. All apparently good so far.

I then try to connect using Connect-AzureAD -Credential $AzureAdCred and receive the AADSTS50076 error.

The 365 Identity / Enterprise Applications sign-in log says:

Status : Interrupted Application: Azure Active Directory PowerShell Additional Details: User needs to perform multi-factor authentication

However, the MSFT account has long had MFA switched on, but neither the Get-Credential nor the Connect-AzureAD gave an MFA prompt.
WimPOST-6362 0 Reputation points

2023-10-19T07:42:16.21+00:00

I get this error when simply reading an item in MS Word Help about predictive text. After showing the associated help text for a couple of seconds, the Help panel switches to showing this error. Our organisation had MFA and I am properly logged on to MS Office/Word, so very weird to get this error.

Answer 1

Dillon Silzer 57,716

Hello Francescopio,

I'd recommend checking three things:

Check if security defaults are turned on (which enforces MFA).
Check whether you have a sign-in risk on your account. If there is a sign-in risk policy that enforces MFA, then this could be your issue.
Check for Conditional Access Policies that enforce MFA on your account.

You could also take a deeper look into your sign-in logs in Azure active Directory to get more details on the message.

Hopefully this helps.

If this is helpful please accept answer.

Dannie Myers 10 Reputation points

2023-05-30T15:10:24.26+00:00

Where do you check these settings?
Dick van Straaten 0 Reputation points

2023-08-10T19:43:57.52+00:00

There only exception that I found is that MFA was interrupted by the user, but this is definitely not the case. As explained in my post the website throws an error, my guess is that this error interrupts the MFA routine.

Answer 2

Infinity Solutions Arizona 5

Just ran into this issue today. It had to do with entrada MFA enforcement. Go to your entrada MFA security management and disable the enforcement policies for the account used for the AAD sync. I still have legacy MFA enabled no problem and didnt drill down yet to see exactly which policy killed it but that should get anyone experiencing the issue headed in the right direction. I'll post more as I play with it more later (it's late here!).

Answer 3

Karl Wester-Ebbinghaus 41 MVP

Dear @Dillon Silzer I wanted to onboard WAC. Seeing the same error. Some workflows don't work anymore with MFA accounts
Described a workaround for the issue:
https://techcommunity.microsoft.com/t5/windows-admin-center-blog/windows-admin-center-version-2306-is-now-generally-available/bc-p/3869089/highlight/true#M496

Answer 4

Niels de Jager 0

Not sure if this helps anyone since it's an old post. But this seems to be happening if you have an conditional access policy that requires MFA. But also have a IP exclusion that does not require MFA..

Tanvir Anjum 0 Reputation points

2024-03-01T03:58:22.75+00:00

I have the same problem. I also have conditional policy you mentioned above. Did you find any fix? I am scratching my head for last 3 days on this
Niels de Jager 0 Reputation points

2024-03-01T10:53:31.6433333+00:00

For us it was for the 1password application to work. We are now in the 1password beta-program that fixed this issue. Another solution would be to exclude the app from the CA rule. You can then choose to create a new rule for only that app that always requires MFA. So no IP exclusion.

Answer 5

Harshvir Bhati 26

Hello,

I just had the issue and I was able to resolve it after the az login command on PowerShell, then I ran the az get access token.

I hope this helps.

Atul 1 Reputation point

2025-01-02T04:55:50.2133333+00:00

How exactly did you ran az get access token in PowerShell?
Get-AzAccessToken : The term 'Get-AzAccessToken' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Ramyapriya Pasula 40 Reputation points

2025-01-07T09:17:09.24+00:00

After the az login and get access token, what should be done? didnt get exactly what you told @Harshvir Bhati

Share via

How to fix the error "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

8 answers

Your answer