Low severityauthentication
Power BI Error:
AADSTS90092
What does this error mean?
Microsoft Graph returned a non-retryable error during an Entra ID (Azure AD) token or directory call — the request itself is invalid and retrying won't help.
Common causes
- 1App registration is missing required Microsoft Graph permissions, or admin consent has not been granted for the tenant
- 2The signed-in user, group, or service principal referenced in the request no longer exists or was soft-deleted in Entra ID
- 3Malformed claim, scope, or resource identifier in the authorization request (e.g. invalid GUID, wrong tenant ID, or unsupported scope combination)
- 4Conditional Access or directory policy blocks the Graph lookup that Entra ID performs as part of sign-in
- 5Stale or corrupted app manifest after a recent change to redirect URIs, optional claims, or API permissions
How to fix it
- 1Open the failing app registration in Entra admin center → API permissions and verify Microsoft Graph delegated/application permissions are present AND have tenant admin consent (green checkmark)
- 2Check the correlation ID and timestamp from the error in Entra ID → Sign-in logs → filter on AADSTS90092; the 'Additional Details' field usually names the exact Graph object or claim that failed
- 3Validate that the user, group, or service principal in the request still exists and is enabled (Entra ID → Users / Enterprise applications); recreate or restore from soft-delete if needed
- 4If the app manifest was recently edited, revert or re-save it — invalid optional claims and malformed requiredResourceAccess entries trigger this error
- 5For Power BI / Fabric service principal scenarios, confirm the SP is in the 'Allow service principals to use Power BI APIs' security group in the Fabric admin portal and re-grant Graph consent