Low severity · authentication
Power BI Error:
AADSTS50180, Seamless SSO not enabled
What does this error mean?
Sign-in expected Integrated Windows Authentication, but Seamless SSO is not enabled on the Microsoft Entra ID (Azure AD) tenant.
Common causes
1. Seamless SSO is not enabled on the Microsoft Entra ID (Azure AD) tenant in Microsoft Entra Connect
2. The client sent a `prompt=none` / Integrated Windows Auth request while the tenant only supports interactive or password-hash/PTA sign-in
3. The user's domain is federated to an on-prem IdP (ADFS) but the request was routed to Entra ID directly instead of the federation endpoint
4. The `AZUREADSSOACC` computer account is missing or the Kerberos decryption key is out of sync after a tenant change
5. Browser/device is not domain-joined or not on the corporate network, so no Kerberos ticket can be issued for `autologon.microsoftazuread-sso.com`
How to fix it
1. Verify Seamless SSO status: open Microsoft Entra Connect on the sync server → `Change user sign-in` → confirm `Enable single sign-on` is checked, or run `Get-ADComputer AZUREADSSOACC` in AD to confirm the computer account exists
2. If Seamless SSO should be on, enable it in Entra Connect and roll over the Kerberos decryption key with `Update-AzureADSSOForest` (PowerShell module `AzureADSSO.psd1`); repeat every 30 days as Microsoft recommends
3. Add `https://autologon.microsoftazuread-sso.com` to the Local Intranet zone via GPO (`User Configuration → Administrative Templates → Windows Components → Internet Explorer → Internet Control Panel → Security Page → Site to Zone Assignment List`) and set zone auth to `Automatic logon only in Intranet zone`
4. If Seamless SSO is not desired, remove `prompt=none` / IWA hints from the client request so the user gets the interactive sign-in flow, or switch to the federation/auth method (PHS, PTA, or ADFS) that fits your tenant
5. For Power BI Gateway / ADF / Fabric service principals: don't use IWA; use a service principal with a client secret or certificate, or a managed identity, instead of relying on Windows Integrated Auth
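
A read-only check covering fix steps 1 to 3, added here as an example; it is not part of the original page or of Microsoft's tooling. It assumes the ActiveDirectory RSAT module and a domain-joined session, treats `PasswordLastSet` on `AZUREADSSOACC` as a proxy for the last key rollover, and reads the standard `ZoneMapKey` policy location; `$MaxKeyAgeDays` and `$findings` are names chosen for the example.

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only audit, changes nothing in AD or the registry.
param([int]$MaxKeyAgeDays = 30)   # 30-day rollover interval from fix step 2

$ssoUrl   = 'https://autologon.microsoftazuread-sso.com'
$findings = [System.Collections.Generic.List[string]]::new()

# Steps 1-2: the AZUREADSSOACC computer account must exist and be enabled.
# Assumption: PasswordLastSet approximates the last Kerberos key rollover.
try {
    $acct = Get-ADComputer -Identity 'AZUREADSSOACC' -Properties PasswordLastSet -ErrorAction Stop
    if (-not $acct.Enabled) { $findings.Add('AZUREADSSOACC exists but is disabled') }
    if ($null -eq $acct.PasswordLastSet) {
        $findings.Add('AZUREADSSOACC has no PasswordLastSet value')
    } else {
        $age = [int]((Get-Date) - $acct.PasswordLastSet).TotalDays
        if ($age -gt $MaxKeyAgeDays) {
            $findings.Add("Kerberos decryption key is about $age days old; run Update-AzureADSSOForest")
        }
    }
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    $findings.Add('AZUREADSSOACC not found: Seamless SSO is not set up, or the account was deleted')
}

# Step 3: the Site to Zone Assignment List policy stores each URL as a value
# under ZoneMapKey; data "1" means the Local Intranet zone.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$key  = Get-Item -Path $policyKey -ErrorAction SilentlyContinue
$zone = if ($key) { $key.GetValue($ssoUrl) } else { $null }
if ($zone -ne '1') {
    $findings.Add("$ssoUrl is not assigned to the Local Intranet zone for this user")
}

if ($findings.Count -eq 0) {
    Write-Output 'Seamless SSO prerequisites look healthy.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it as the affected user on a domain-joined client so the `HKCU` policy check reflects that user's applied GPO.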