Low severityauthentication
Power BI Error:
AADSTS50079
What does this error mean?
User must complete multifactor authentication enrollment before sign-in can proceed, but security info is not yet registered.
Common causes
- 1A new Conditional Access policy was rolled out that requires MFA, but the user has never registered MFA methods
- 2Per-user MFA was enabled for the account in the legacy Microsoft Entra ID (Azure AD) MFA portal
- 3The user signed in from a new location, IP, or device that triggered an MFA-required Conditional Access rule
- 4For federated users (ADFS, Okta, Ping): the federated identity provider isn't sending the required MFA claim (`http://schemas.microsoft.com/claims/multipleauthn`) back to Entra ID
- 5Security defaults were enabled on the tenant, forcing MFA registration for all users
How to fix it
- 1Have the user visit https://aka.ms/mfasetup (or https://mysignins.microsoft.com/security-info) and register at least one MFA method (Authenticator app, phone, FIDO2 key)
- 2In the Microsoft Entra admin center, open Users → the affected user → Authentication methods to confirm enrollment completed; for service/automation accounts, exclude them from the MFA Conditional Access policy or use a workload identity instead
- 3If this is a Power BI / Fabric / ADF scheduled refresh failing under a user account, switch the data source credentials to a service principal or managed identity — interactive MFA cannot complete in an unattended refresh
- 4For federated tenants: configure the federated IdP (ADFS, Okta) to issue the `multipleauthn` claim, or set `federatedIdpMfaBehavior` to `enforceMfaByFederatedIdp` / `acceptIfMfaDoneByFederatedIdp` on the domain via Graph
- 5Review which Conditional Access policy triggered this in Entra ID → Sign-in logs → select the failed sign-in → Conditional Access tab, and confirm whether the policy scope is intentional