Low severityauthentication
Power BI Error:
AADSTS90082, Unsupported Authentication Policy
What does this error mean?
Microsoft Entra ID (Azure AD) rejected the sign-in because the requested authentication policy uses legacy WS-Federation against OrgID, which is no longer supported.
Common causes
- 1Legacy client or SDK still requesting the WS-Federation (wsfed) endpoint instead of OAuth 2.0 / OIDC against login.microsoftonline.com
- 2Outdated on-premises data gateway or Power BI Desktop build using a deprecated auth library (ADAL instead of MSAL)
- 3Custom application configured with a federated/WS-Trust identity provider that no longer maps to a supported Entra ID policy
- 4Service principal or connector using a token endpoint version (v1.0) or grant type that is disabled on the tenant
- 5Conditional Access or tenant policy that blocks the legacy authentication protocol the client is attempting
How to fix it
- 1Identify the client triggering the error (Power BI Desktop, on-premises data gateway, custom app, ADF linked service) via the correlation ID in the sign-in logs in the Entra admin center → Sign-in logs.
- 2Upgrade the client: install the latest Power BI Desktop and on-premises data gateway (MSAL-based), or migrate custom apps from ADAL to MSAL and from the v1.0 to the v2.0 token endpoint.
- 3In the app registration (Entra ID → App registrations), verify the supported authentication flows: enable OAuth 2.0 / OpenID Connect and remove any WS-Federation / SAML-only configuration that is no longer required.
- 4If a federated identity provider is in use, confirm with your Entra ID administrator that the federation trust is healthy (Get-MgDomainFederationConfiguration) and that the user's domain is not stuck in a legacy OrgID federation state.
- 5Re-test sign-in; if it still fails, capture a Fiddler / network trace of the /authorize request and open a Microsoft support case with the correlation ID and timestamp.