AADSTS50076 – MFA Required Due to Location or Policy Change
Error: AADSTS50076 – Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access
This error is raised when Microsoft detects a change in MFA posture — such as an admin resetting MFA, user changing password, or logging in from a new location/device.
Cause: When MFA is reset or re-evaluated, Microsoft invalidates old tokens. Sync 365 then fails to authenticate until a new MFA-compliant token is issued.
Resolution
To resolve this, re-consent the delegated admin account so a fresh token is issued:
- Login to Sync 365
- Go to Company → Delegated admin tab
- Take note of the currently active account (do not delete it)
- Click Add → Grant partner center consent
- Log in with the delegated admin account
- Ensure that you are prompted for MFA — this is required for Partner Center token refresh
Once consent completes, the error should clear automatically.
Related Articles
AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication
Error: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access This can typically be caused by a conditional access policy in your ...
AADSTS50078 – MFA Expired Due to Admin Policy
Error: AADSTS50078 – Presented MFA has expired due to policies configured by your administrator This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional ...
AADSTS700082 – Refresh Token Expired Due to Inactivity
Error: AADSTS700082 – The refresh token has expired due to inactivity This typically occurs when the customer tenant has an MFA setting that allows "remember MFA for X days", which breaks token refresh after extended inactivity. Cause: The “remember ...
AADSTS50173 - The provided grant has expired due to it being revoked
Error: AADSTS50173 - The provided grant has expired due to it being revoked This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional access was newly ...
AADSTS53000: Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune
Error: AADSTS53000: Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune If you’ve ...