Low severity | authentication
Power BI Error: AADSTS500212
What does this error mean?
The user's home tenant has a Cross-Tenant Access Settings outbound policy that blocks access to the resource tenant.
Common causes
1. Home tenant has a default outbound Cross-Tenant Access Settings policy of 'Block access' and the resource tenant isn't on the allow list
2. Organization-specific outbound rule for the resource tenant explicitly blocks all users/groups or all applications
3. B2B collaboration outbound is disabled for the user, group, or application targeted in the resource tenant
4. User attempts to sign in to a multi-tenant app registered in another tenant that the home tenant doesn't trust outbound
5. Recent tightening of External Identities outbound policy after a Zero Trust / conditional access review
How to fix it
1. Identify the home tenant of the failing user and the resource tenant ID from the sign-in error (the resource tenant is the one hosting the Power BI workspace, Fabric capacity, or ADF/Databricks workspace)
2. Have the home-tenant admin open Entra ID (Azure AD) → External Identities → Cross-tenant access settings → Organizational settings, add the resource tenant, and set Outbound access → B2B collaboration to Allow for the relevant users/groups and applications
3. If a default outbound block is in place, either switch the default to Allow or add an explicit organizational allow entry for the resource tenant; default settings only apply when no org-specific entry exists
4. Verify the user/group isn't excluded by a Conditional Access policy targeting external apps, then have the user clear cached tokens (sign out of office.com / Power BI, or run `dsregcmd /refreshprt`) and retry
5. If the failure occurs from a service principal (ADF Linked Service, Fabric pipeline, Databricks Power BI connector), confirm the SP's home tenant outbound policy allows the resource tenant for applications, not just users
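
Steps 2, 3 and 5 hinge on which outbound rule actually applies and whether it covers both the principal and the application. The following added example (not from the original page) evaluates that offline against constructed policy JSON shaped like Microsoft Graph's crossTenantAccessPolicy default and partner objects; the GUIDs, the `effective_outbound` helper and the fallback to the default when an organizational entry has no outbound setting are assumptions for illustration.

```python
# Added example: evaluates constructed policy JSON, not a live tenant.
ALL_TARGETS = {"AllUsers", "AllApplications"}

def _allows(section, ids):
    """Apply one usersAndGroups/applications section to a set of object IDs."""
    targets = {t["target"] for t in section["targets"]}
    matched = bool(targets & ALL_TARGETS) or bool(targets & set(ids))
    # "allowed" permits only the listed targets; "blocked" denies only the listed targets.
    return matched if section["accessType"] == "allowed" else not matched

def effective_outbound(default, partners, resource_tenant, principal_ids, app_id):
    """Return (allowed, source) for outbound B2B collaboration to resource_tenant."""
    partner = next((p for p in partners if p["tenantId"] == resource_tenant), None)
    # Assumption: an org entry without its own outbound setting falls back to the default.
    if partner and partner.get("b2bCollaborationOutbound"):
        setting, source = partner["b2bCollaborationOutbound"], "organizational"
    else:
        setting, source = default["b2bCollaborationOutbound"], "default"
    # Both dimensions must allow: the user/group AND the application.
    ok = (_allows(setting["usersAndGroups"], principal_ids)
          and _allows(setting["applications"], [app_id]))
    return ok, source

def _section(access, kind, *targets):
    """Build one usersAndGroups/applications section (hypothetical helper)."""
    return {"accessType": access,
            "targets": [{"target": t, "targetType": kind} for t in targets]}

# Constructed sample data (placeholder GUIDs, not real tenants or apps).
RESOURCE = "11111111-1111-1111-1111-111111111111"
BI_GROUP = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
APP_ID = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"

DEFAULT_BLOCK = {"b2bCollaborationOutbound": {
    "usersAndGroups": _section("blocked", "user", "AllUsers"),
    "applications": _section("blocked", "application", "AllApplications")}}

PARTNERS = [{"tenantId": RESOURCE, "b2bCollaborationOutbound": {
    "usersAndGroups": _section("allowed", "group", BI_GROUP),
    "applications": _section("allowed", "application", "AllApplications")}}]

if __name__ == "__main__":
    # Member of the allowed group: organizational rule permits access.
    print(effective_outbound(DEFAULT_BLOCK, PARTNERS, RESOURCE, [BI_GROUP], APP_ID))
    # User outside the allowed group: organizational rule exists but does not cover them.
    print(effective_outbound(DEFAULT_BLOCK, PARTNERS, RESOURCE, ["other-user"], APP_ID))
    # No organizational entry: the default block applies.
    print(effective_outbound(DEFAULT_BLOCK, [], RESOURCE, [BI_GROUP], APP_ID))
```

A result of `(False, "default")` points at cause 1, while `(False, "organizational")` points at causes 2 or 3.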