Microsoft Azure AD - error_description:Due to a configuration change made by your administrator, or because you moved to a new location etc

Asked 28/6, 2021 at 8:47 Answered 3/10, 2023 at 2:1

azure-active-directory wso2 microsoft-graph-api multi-factor-authentication

I am facing ERROR like below when connecting Microsoft Azure AD after enabling MFA. Before that it gets connected. Today while login, it required me to enable this security feature in my Phone(Microsoft Auithenticator APP). Unless this feature added, i can't able to access MS Outlook in Microsoft 365.

I am using WSO2 Outlook Connector to make connection with Microsoft Graph API

ERROR:

"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0ff1-ce00-000000000000

Clobber answered 28/6, 2021 at 8:47 Comment(5)

How do you get the access token for MS Graph API? – Cesium 28/6, 2021 at 8:54

@Cesium Thanks for your response. AccessToken and refresh token these kind of credentials already generated and the same has been raised in #67971458 – Clobber 28/6, 2021 at 8:57

If you are using a refresh token, you might need to get a new one. – Cesium 28/6, 2021 at 10:14

@Cesium When I disable MFA, the same refresh token working fine while connect with MS Graph API. I think there is no issue with credentials. when i enable MFA, it failed to connect. Let me know if any thing i need to include while generate credentials/ any settings required to give grant permission like below. social.msdn.microsoft.com/Forums/en-US/… – Clobber 28/6, 2021 at 12:28

I get this error during login to visual studio. :( – Quintie 14/4, 2022 at 8:48

Possible solutions:

Use a interactive flow instead.
If you are using a interactive flow and still getting this error, ensure openid is one of the scopes during the interactive sign-in. You might be getting the error after the interactive sign-in and trying to exchange the authorization code for a access token...
```
https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/authorize
?client_id=########-####-####-####-############
&response_type=code
&scope=openid groups.read.all
&nonce=1234
&redirect_uri=https://app.contoso.com
```
Notice "scope=openid groups.read.all" in the request above.
Add the client application to the exception list of the Conditional Access Policy
Add the user to the exception list of the Conditional Access Policy
If not using conditional access policies and the user is directly enabled for MFA, then as a last resort, disable MFA for the user if solutions above (specifically solution #1 and #2) do not work for you.

Frayne answered 6/7, 2021 at 14:39 Comment(0)

You must go to Azure portal https://portal.azure.com

Then go to Azure Active Directory > Properties tab > Manage security defaults > Select Disabled

This disables MFA

Mickens answered 7/7, 2023 at 19:42 Comment(2)

For those who can not find Azure Active Directory in their portal: It has been renamed to Microsoft Entra ID. – Ashleighashlen 13/3 at 9:45

This works after changing the Security defaults to disabled – Milore 25/6 at 21:13

You can use:

Install-Module AzureAD
Connect-AzureAD

Teakwood answered 3/10, 2023 at 2:1 Comment(0)

-1

I resolved the error by logging in from the command line:

az login

Laconic answered 26/2, 2023 at 18:18 Comment(1)

I aslo resolved the issue by running "az login" from the command prompt (which is part of Azure CLI). This solved the issue where Visual Studio was not able to authenticate with Azure for Azure Services. – Tourer 24/7 at 16:3

Recommended topics

Hot tags