AADSTS50078 – MFA Expired Due to Admin Policy
Error: AADSTS50078 – Presented MFA has expired due to policies configured by your administrator
This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional access was newly applied.
Cause: Microsoft invalidates the session if MFA was reset or modified, requiring a fresh token via re-consent.
Resolution
Re-consent the delegated admin account in Sync 365 to refresh the token:
- Login to Sync 365
- Go to Company → Delegated admin tab
- Verify which account is currently active (do not delete it)
- Click Add → Grant partner center consent
- Log in using the current delegated admin account
- Ensure you’re prompted for MFA — this is required for Partner Center token validation
This should reissue the refresh token and restore access to the customer tenant.
Related Articles
AADSTS700082 – Refresh Token Expired Due to Inactivity
Error: AADSTS700082 – The refresh token has expired due to inactivity This typically occurs when the customer tenant has an MFA setting that allows "remember MFA for X days", which breaks token refresh after extended inactivity. Cause: The “remember ...
AADSTS50076 – MFA Required Due to Location or Policy Change
Error: AADSTS50076 – Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access This error is raised when Microsoft detects a change in MFA posture — such as an ...
AADSTS50173 - The provided grant has expired due to it being revoked
Error: AADSTS50173 - The provided grant has expired due to it being revoked This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional access was newly ...
AADSTS530034 / AADSTS530032 – Delegated Admin Blocked Due to Risk
Error: AADSTS530034 / AADSTS530032 – Delegated administrator or user blocked due to risk This error occurs when Microsoft flags the delegated admin account as a risky user, or when security defaults block access unexpectedly. Cause: Risky user ...
AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication
Error: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access This can typically be caused by a conditional access policy in your ...