What causes AADSTS50074?

The user dismissed, cancelled, or let the MFA prompt time out (Authenticator push, SMS, or OTP) during sign-in to Power BI, Fabric, or another Entra-protected app.. The user has no MFA method registered yet, or their registered method (phone, Authenticator app) is unreachable — so the strong-auth challenge cannot be completed.. A Conditional Access policy requires MFA for this app, location, or risk level (e.g. sign-in from a new IP, non-compliant device, or outside a trusted network) and the interrupt was not satisfied.. The user is signing in with an account type that cannot perform MFA in this flow — for example a service account or shared mailbox being used interactively instead of a service principal.. The Authenticator app is out of sync, the device clock is skewed, or the session was interrupted (browser closed, network drop) before the challenge completed.

How do I fix AADSTS50074?

Retry the sign-in and fully complete the MFA prompt — approve the Authenticator push or enter the OTP within the timeout window; do not close the browser tab during the challenge.. If no MFA method is registered or the device is lost, have the user go to https://aka.ms/mfasetup (or https://mysignins.microsoft.com/security-info) to register or reset an authentication method.. In the Entra admin center, open Sign-in logs, filter on the user and error code 50074, and inspect the Conditional Access tab to see exactly which policy required strong auth and why — adjust scope, trusted locations, or grant controls if the policy is over-broad.. For non-interactive workloads (Power BI scheduled refresh, ADF linked services, Fabric pipelines), do not use a user account that is subject to interactive MFA — switch the data source / linked service to a service principal or managed identity, which is exempt from user MFA.. If the issue persists for one user only, have them clear browser cookies for login.microsoftonline.com, sign out of all sessions in My Account, and re-register the Authenticator app to resync the time-based code.

Medium severityauthentication

Power BI Error:
AADSTS50074, MFA Challenge Not Completed

What does this error mean?

The user attempted to sign in but did not satisfy the multi-factor authentication (MFA) challenge required by Conditional Access.

Common causes

1The user dismissed, cancelled, or let the MFA prompt time out (Authenticator push, SMS, or OTP) during sign-in to Power BI, Fabric, or another Entra-protected app.
2The user has no MFA method registered yet, or their registered method (phone, Authenticator app) is unreachable — so the strong-auth challenge cannot be completed.
3A Conditional Access policy requires MFA for this app, location, or risk level (e.g. sign-in from a new IP, non-compliant device, or outside a trusted network) and the interrupt was not satisfied.
4The user is signing in with an account type that cannot perform MFA in this flow — for example a service account or shared mailbox being used interactively instead of a service principal.
5The Authenticator app is out of sync, the device clock is skewed, or the session was interrupted (browser closed, network drop) before the challenge completed.

How to fix it

1Retry the sign-in and fully complete the MFA prompt — approve the Authenticator push or enter the OTP within the timeout window; do not close the browser tab during the challenge.
2If no MFA method is registered or the device is lost, have the user go to https://aka.ms/mfasetup (or https://mysignins.microsoft.com/security-info) to register or reset an authentication method.
3In the Entra admin center, open Sign-in logs, filter on the user and error code 50074, and inspect the Conditional Access tab to see exactly which policy required strong auth and why — adjust scope, trusted locations, or grant controls if the policy is over-broad.
4For non-interactive workloads (Power BI scheduled refresh, ADF linked services, Fabric pipelines), do not use a user account that is subject to interactive MFA — switch the data source / linked service to a service principal or managed identity, which is exempt from user MFA.
5If the issue persists for one user only, have them clear browser cookies for login.microsoftonline.com, sign out of all sessions in My Account, and re-register the Authenticator app to resync the time-based code.

Frequently asked questions

What does AADSTS50074 mean?

Strong authentication is required and the user did

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes