AADSTS50173 - The provided grant has expired due to it being revoked
Error: AADSTS50173 - The provided grant has expired due to it being revoked
This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional access was newly applied, or a password was changed or reset.
Cause: Microsoft invalidates the session if MFA was reset or modified, requiring a fresh token via re-consent.
Resolution
Re-consent the delegated admin account in Sync 365 to refresh the token:
- Login to Sync 365
- Go to Company → Delegated admin tab
- Verify which account is currently active (do not delete it)
- Click Add → Grant partner center consent
- Log in using the current delegated admin account
- Ensure you’re prompted for MFA — this is required for Partner Center token validation
This should reissue the refresh token and restore access to the customer tenant.
Related Articles
AADSTS50078 – MFA Expired Due to Admin Policy
Error: AADSTS50078 – Presented MFA has expired due to policies configured by your administrator This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional ...
AADSTS700082 – Refresh Token Expired Due to Inactivity
Error: AADSTS700082 – The refresh token has expired due to inactivity This typically occurs when the customer tenant has an MFA setting that allows "remember MFA for X days", which breaks token refresh after extended inactivity. Cause: The “remember ...
AADSTS50076 – MFA Required Due to Location or Policy Change
Error: AADSTS50076 – Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access This error is raised when Microsoft detects a change in MFA posture — such as an ...
The account does not have access to partner center
Error: The account does not have access to partner center This can come up while trying to grant partner center consent. There are a couple reasons this can happen. When prompted to grant consent, ensure you tick the box to grant permissions for the ...
AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication
Error: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access This can typically be caused by a conditional access policy in your ...