What causes AADSTS53004?

User has never completed MFA registration (no phone, Authenticator app, or other method enrolled in Entra ID). Identity Protection flagged the user as risky, blocking 'proof-up' (MFA registration) until an admin clears the risk. Conditional Access policy 'Register security information' requires MFA setup from a trusted location/device the user isn't on. Tenant-wide Security Defaults or MFA enforcement was recently enabled and the user hasn't enrolled yet. User's MFA methods were reset or revoked by an admin and re-registration is now required

How do I fix AADSTS53004?

Have the user navigate to https://aka.ms/mfasetup (or https://mysignins.microsoft.com/security-info) from a trusted network/device and complete MFA registration with a phone number or Microsoft Authenticator. If registration itself is blocked, an admin must open Microsoft Entra ID > Security > Risky users, locate the user, and select 'Confirm user safe' or 'Dismiss user risk' to unblock proof-up. Admin: review Conditional Access policies targeting the 'Register security information' user action — temporarily exclude the user or require registration only from a trusted location so they can enroll. Admin: in Entra ID > Users > Authentication methods, verify the user has no stale methods; if needed, click 'Require re-register MFA' so the user starts a clean enrollment. Once registration succeeds, retry the Power BI / Fabric sign-in; if the error persists, check Entra ID sign-in logs for the exact Conditional Access policy that fired

Low severityauthentication

Power BI Error:
AADSTS53004, MFA Registration Required

What does this error mean?

User is blocked from signing in because they must complete multifactor authentication (MFA) registration first.

Common causes

1User has never completed MFA registration (no phone, Authenticator app, or other method enrolled in Entra ID)
2Identity Protection flagged the user as risky, blocking 'proof-up' (MFA registration) until an admin clears the risk
3Conditional Access policy 'Register security information' requires MFA setup from a trusted location/device the user isn't on
4Tenant-wide Security Defaults or MFA enforcement was recently enabled and the user hasn't enrolled yet
5User's MFA methods were reset or revoked by an admin and re-registration is now required

How to fix it

1Have the user navigate to https://aka.ms/mfasetup (or https://mysignins.microsoft.com/security-info) from a trusted network/device and complete MFA registration with a phone number or Microsoft Authenticator
2If registration itself is blocked, an admin must open Microsoft Entra ID > Security > Risky users, locate the user, and select 'Confirm user safe' or 'Dismiss user risk' to unblock proof-up
3Admin: review Conditional Access policies targeting the 'Register security information' user action — temporarily exclude the user or require registration only from a trusted location so they can enroll
4Admin: in Entra ID > Users > Authentication methods, verify the user has no stale methods; if needed, click 'Require re-register MFA' so the user starts a clean enrollment
5Once registration succeeds, retry the Power BI / Fabric sign-in; if the error persists, check Entra ID sign-in logs for the exact Conditional Access policy that fired

Frequently asked questions

What does AADSTS53004 mean?

User needs to complete the multifactor authentication registration process before accessing this content. User should register for multifactor authentication.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes