What causes AADSTS500014?

An admin set 'Enabled for users to sign-in' to No on the resource's enterprise application in Microsoft Entra ID. The Azure subscription backing the resource (e.g. Power BI Service, Fabric, Azure Data Factory, Databricks) has lapsed, expired or been suspended. The service principal for the resource was deleted or soft-deleted from the tenant and needs to be restored. A Conditional Access or tenant restriction policy is blocking the resource service principal from issuing tokens. The application was disabled by a tenant-wide admin action (e.g. risk-based disablement or governance lifecycle policy)

How do I fix AADSTS500014?

Sign in to the Microsoft Entra admin center > Enterprise applications, locate the resource app from the error (e.g. Power BI Service, Azure Data Factory, Databricks) and open Properties. Set 'Enabled for users to sign-in' to Yes and save — this re-enables the service principal so tokens can be issued. If the toggle is already Yes, verify the Azure subscription tied to the resource is Active in the Azure portal > Subscriptions; renew or reactivate any lapsed/expired subscription. If the service principal is missing, recreate it via PowerShell (`New-MgServicePrincipal -AppId `) or by re-consenting to the application. Review Conditional Access policies and tenant restrictions for blocks targeting the resource application, and check the Entra sign-in logs for the failed request to confirm the resolution

Low severityauthentication

Power BI Error:
AADSTS500014

What does this error mean?

The service principal for the requested resource application is disabled in the Microsoft Entra ID (Azure AD) tenant, so no tokens can be issued.

Common causes

1An admin set 'Enabled for users to sign-in' to No on the resource's enterprise application in Microsoft Entra ID
2The Azure subscription backing the resource (e.g. Power BI Service, Fabric, Azure Data Factory, Databricks) has lapsed, expired or been suspended
3The service principal for the resource was deleted or soft-deleted from the tenant and needs to be restored
4A Conditional Access or tenant restriction policy is blocking the resource service principal from issuing tokens
5The application was disabled by a tenant-wide admin action (e.g. risk-based disablement or governance lifecycle policy)

How to fix it

1Sign in to the Microsoft Entra admin center > Enterprise applications, locate the resource app from the error (e.g. Power BI Service, Azure Data Factory, Databricks) and open Properties
2Set 'Enabled for users to sign-in' to Yes and save — this re-enables the service principal so tokens can be issued
3If the toggle is already Yes, verify the Azure subscription tied to the resource is Active in the Azure portal > Subscriptions; renew or reactivate any lapsed/expired subscription
4If the service principal is missing, recreate it via PowerShell (`New-MgServicePrincipal -AppId <resource-app-id>`) or by re-consenting to the application
5Review Conditional Access policies and tenant restrictions for blocks targeting the resource application, and check the Entra sign-in logs for the failed request to confirm the resolution

Frequently asked questions

What does AADSTS500014 mean?

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes