Critical severityauthentication
Power BI Refresh Error:
AADSTS50053
What does this error mean?
AADSTS50053 is returned by Microsoft Entra ID when an account has been locked due to too many failed authentication attempts, triggering the smart lockout policy. In Power BI Embedded, this typically affects service principal or master user accounts used for token generation.
Common causes
- 1An automated process or deployment pipeline is repeatedly attempting to authenticate with an outdated or incorrect password, triggering smart lockout
- 2Multiple instances of the application are simultaneously retrying failed auth requests with bad credentials, compounding lockout
- 3A master user account password was recently changed but old credentials remain cached or hardcoded in one or more services
- 4A brute-force or credential stuffing attack is targeting the account, causing legitimate lockout as a security response
How to fix it
- 1Step 1: Immediately stop all automated retry loops or scheduled jobs that are sending authentication requests with the locked account credentials to prevent extending the lockout duration
- 2Step 2: Wait for the Microsoft Entra smart lockout period to expire (typically 1 minute for the first lockout, increasing with subsequent lockouts) or contact your Azure AD administrator to reset the lockout via the Azure portal
- 3Step 3: Identify and correct the source of failed authentication attempts — locate all services, config files, and pipelines using this account and verify the credentials are current
- 4Step 4: If using a master user account for Power BI Embedded, strongly consider migrating to a service principal authentication model, which is more resilient and the Microsoft-recommended approach
- 5Step 5: After the lockout clears and credentials are corrected, test authentication in isolation before re-enabling automated processes