What causes AADSTS50134?

User starts device code flow on one network/region and completes the https://microsoft.com/devicelogin step on a different network (e.g. VPN switch, mobile hotspot, different country). Client app is hardcoded to a regional Entra ID endpoint (e.g. login.microsoftonline.us or a sovereign cloud) while the user authorizes via the global endpoint login.microsoftonline.com. Cached device code from a previous session is reused after the user's traffic has been re-routed to a different Azure datacenter. Conditional Access or geo-routing (Front Door, regional load balancer) sends the authorization request to a different Azure region than the original /devicecode call. Mismatch between national clouds — initiating against Azure Commercial but authorizing in Azure Government / China / Germany

How do I fix AADSTS50134?

Restart the device flow from scratch on the client — discard the old user_code/device_code and call /oauth2/v2.0/devicecode again so a fresh code is issued from the current datacenter. Complete the https://microsoft.com/devicelogin step from the same network as the initiating client (disable VPN, avoid switching between mobile/Wi-Fi mid-flow). Verify the client uses the same authority host as the user's browser — pin to https://login.microsoftonline.com/{tenant} on both sides, and avoid mixing global with sovereign clouds (login.microsoftonline.us, .partner.microsoftonline.cn, .microsoftonline.de). If you run behind Azure Front Door or a custom regional endpoint, ensure session affinity so /devicecode and /token requests land in the same backend region. For Power BI / Fabric service principals using device flow for delegated scopes, switch to client credentials or authorization code + PKCE — device flow is rarely the right grant for unattended pipelines and is the most common source of this error

Low severityauthentication

Power BI Error:
AADSTS50134

What does this error mean?

The device used to authorize an OAuth 2.0 device flow request is in a different Microsoft Entra ID data center than the device that initiated it.

Common causes

1User starts device code flow on one network/region and completes the https://microsoft.com/devicelogin step on a different network (e.g. VPN switch, mobile hotspot, different country)
2Client app is hardcoded to a regional Entra ID endpoint (e.g. login.microsoftonline.us or a sovereign cloud) while the user authorizes via the global endpoint login.microsoftonline.com
3Cached device code from a previous session is reused after the user's traffic has been re-routed to a different Azure datacenter
4Conditional Access or geo-routing (Front Door, regional load balancer) sends the authorization request to a different Azure region than the original /devicecode call
5Mismatch between national clouds — initiating against Azure Commercial but authorizing in Azure Government / China / Germany

How to fix it

1Restart the device flow from scratch on the client — discard the old user_code/device_code and call /oauth2/v2.0/devicecode again so a fresh code is issued from the current datacenter
2Complete the https://microsoft.com/devicelogin step from the same network as the initiating client (disable VPN, avoid switching between mobile/Wi-Fi mid-flow)
3Verify the client uses the same authority host as the user's browser — pin to https://login.microsoftonline.com/{tenant} on both sides, and avoid mixing global with sovereign clouds (login.microsoftonline.us, .partner.microsoftonline.cn, .microsoftonline.de)
4If you run behind Azure Front Door or a custom regional endpoint, ensure session affinity so /devicecode and /token requests land in the same backend region
5For Power BI / Fabric service principals using device flow for delegated scopes, switch to client credentials or authorization code + PKCE — device flow is rarely the right grant for unattended pipelines and is the most common source of this error

Frequently asked questions

What does AADSTS50134 mean?

Wrong data center. To authori

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes