Low severity / authentication
Power BI Error: AADSTS90036
What does this error mean?
A non-retryable failure occurred in the WCF service hosted by Microsoft Online Directory Services (MSODS) during sign-in.
Common causes
1. Transient or persistent fault in the MSODS WCF backend that Entra ID depends on for directory operations
2. An Azure AD / Entra ID service incident affecting directory reads during token issuance
3. Tenant-level data inconsistency in MSODS (corrupt or partially replicated directory object) that the WCF call cannot resolve
4. A directory operation (user, group, or service principal lookup) hitting an unhandled, non-retryable code path in MSODS
5. Regional Entra ID infrastructure degradation surfacing as MsodsServiceUnretryableFailure for affected tenants
How to fix it
1. Check the Azure / Entra service health dashboard (status.azure.com and Service Health in the Azure portal) for an active Azure AD / Entra ID incident in your tenant's region before debugging anything else.
2. Capture the full correlation ID, request ID, and timestamp (UTC) from the failing sign-in: for Power BI refresh, pull these from the dataset refresh history; for ADF, from the pipeline activity error; for Databricks, from the job run output. Microsoft Support cannot trace MSODS failures without these.
3. Reproduce the failure with a different identity (another user, or a service principal vs. a user account) on the same Power BI dataset / ADF linked service / Fabric item. If only one principal fails, the issue is tied to that directory object in MSODS, not to your app.
4. Open a Microsoft Support ticket under Entra ID → Sign-in problems and explicitly include 'AADSTS90036 MsodsServiceUnretryableFailure' plus the correlation IDs. This error is explicitly documented as requiring a support ticket because the WCF fault details are only visible to Microsoft.
5. While the ticket is open, fail over scheduled refreshes and pipeline auths to a backup service principal or gateway-stored credential where possible, so business-critical refreshes are not blocked by the affected identity.
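The evidence gathering in steps 2 and 3 can be scripted. The following is an added example, not Microsoft tooling or code from this page: it assumes the error text follows the usual AADSTS layout (`Trace ID:` carrying the request ID, then `Correlation ID:` and `Timestamp:`), and the principals, GUIDs and helper names (`parse_error`, `triage`) are constructed for illustration.

```python
import re
from datetime import datetime, timezone

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
AADSTS_RE = re.compile(
    r"(?P<code>AADSTS\d+).*?Trace ID:\s*(?P<request_id>" + GUID + r").*?"
    r"Correlation ID:\s*(?P<correlation_id>" + GUID + r").*?"
    r"Timestamp:\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z",
    re.DOTALL,
)

# Constructed attempts: (principal, error text or None when sign-in succeeded).
SAMPLE_ATTEMPTS = [
    ("svc-refresh@contoso.example",
     "AADSTS90036: MsodsServiceUnretryableFailure. "
     "Trace ID: 11111111-2222-3333-4444-555555555555 "
     "Correlation ID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee "
     "Timestamp: 2024-05-01 08:15:42Z"),
    ("svc-refresh@contoso.example",
     "AADSTS90036: MsodsServiceUnretryableFailure. Trace ID: (truncated)"),
    ("backup-sp@contoso.example", None),
]

def parse_error(text):
    """Return code, request ID, correlation ID and UTC timestamp, or None."""
    m = AADSTS_RE.search(text)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"code": m["code"], "request_id": m["request_id"],
            "correlation_id": m["correlation_id"], "timestamp_utc": ts.isoformat()}

def triage(attempts, code="AADSTS90036"):
    """Collect ticket evidence and check whether one principal is isolated."""
    evidence, recapture, failing, healthy = [], [], set(), set()
    for principal, text in attempts:
        if text is None:
            healthy.add(principal)
            continue
        if code not in text:
            continue  # a different error; out of scope for this ticket
        failing.add(principal)
        record = parse_error(text)
        if record and record["code"] == code:
            evidence.append({"principal": principal, **record})
        else:
            recapture.append(principal)  # IDs missing: pull the full error again
    isolated = len(failing) == 1 and bool(healthy - failing)
    return {"evidence": evidence, "recapture": recapture,
            "failing": sorted(failing), "isolated_to_one_principal": isolated}

if __name__ == "__main__":
    print(triage(SAMPLE_ATTEMPTS))
```

Entries listed under `recapture` are failures whose error text was truncated before the IDs; fetch the full message from the refresh history or activity output before attaching them to the ticket.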