Low severityauthentication
Power BI Error:
AADSTS50005
What does this error mean?
Conditional Access policy blocked the sign-in because the device platform isn't allowed by the policy.
Common causes
- 1A Conditional Access policy with a 'Device platforms' condition excludes the platform the user is signing in from (e.g. Linux or an unknown/unsupported OS).
- 2The user signs in from a platform that isn't included in the supported platforms list of the CA policy targeting the Power BI / Fabric / Microsoft 365 app.
- 3On-premises data gateway or scheduled refresh service account runs on an OS/platform that the CA policy classifies as unsupported.
- 4CA policy requires a compliant or Hybrid Entra-joined device, and the device reports as an unrecognized platform so it falls into the 'unsupported' bucket.
- 5Service principal or automation hitting an interactive endpoint where a device-platform CA policy applies.
How to fix it
- 1Open the Microsoft Entra admin center → Protection → Conditional Access → Policies, and identify the policy with a 'Device platforms' condition targeting the affected app (Power BI Service, Fabric, or the SAML/OIDC app in the sign-in log).
- 2In Entra ID → Sign-in logs, find the failed sign-in for the user and open the 'Conditional Access' tab to see exactly which policy reported 'Failure' — that is the policy to adjust.
- 3Either add the user's platform to the policy's 'Include' list under Device platforms, or move the user/group to an exclusion, or have the user retry from a supported platform (Windows / macOS / iOS / Android).
- 4If this is hitting a Power BI scheduled refresh or on-premises data gateway, switch to a service principal (where supported) or exclude the gateway service account from the device-platform CA policy, since gateways often present as an unsupported platform.
- 5After changing the policy, wait a few minutes for replication and have the user clear cached tokens (sign out of Power BI Desktop / browser session) before retrying.