Low severityauthentication
Power BI Error:
AADSTS50150
What does this error mean?
The user or admin has not granted the application consent to access the requested Microsoft Graph or Power BI scopes.
Common causes
- 1The application requests delegated scopes (e.g. Power BI, Fabric, Dataverse) that the user has not yet consented to
- 2Admin consent is required for the requested permissions but has not been granted in the Entra ID (Azure AD) tenant
- 3Previously granted consent was revoked by an admin or by the user via 'My Apps'
- 4The app registration's API permissions were changed and now include scopes beyond the originally consented set
- 5Conditional Access or tenant-wide 'user consent disabled' policy blocks the consent prompt
How to fix it
- 1Reproduce the sign-in and capture the requested scopes from the URL or MSAL logs — these are the permissions missing consent
- 2In the Entra ID portal → Enterprise applications → your app → Permissions, click 'Grant admin consent for <tenant>' if scopes require admin approval
- 3If user consent is sufficient, have the user sign in again and accept the consent prompt; if no prompt appears, check Entra ID → Enterprise applications → Consent and permissions for tenant-wide restrictions
- 4In the App registration, verify API permissions match what the app actually requests and remove unused scopes to keep the consent surface minimal
- 5For service principals used by Power BI / ADF / Fabric pipelines, re-grant tenant admin consent and rotate the client secret/certificate if the principal was previously revoked