AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication

AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication

Error: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access

This can typically be caused by a conditional access policy in your customer tenant.


Cause: When a conditional access policy is blocking your partner tenant access.

How to Identify the Policy

  • Login to the customer's Azure portal
  • Open Microsoft Entra ID (Azure AD)
  • Go to Users → Sign-in logs
  • Find the sign-in attempt by"<Your company name> Technician"
  • Click into the failed sign-in to see the Conditional Access policy blocking access

Resolution

Customer Tenants

Exclude service provider users from ALL conditional access policies

  • Log into conditional access policies in the customer tenant
  • For each policy add an exclusion to "Users and Groups"
    • Select: Guest or external users> Service provider users > Enter your partner tenant ID.
If there are no identified policies, follow the below steps:

Re-consent the delegated admin account so a fresh token is issued:

  1. Login to Sync 365
  2. Go to Company → Delegated admin  tab
  3. Take note of the currently active account (do not delete it)
  4. Click Add → Grant partner center consent
  5. Log in with the delegated admin account
  6. Ensure that you are prompted for MFA — this is required for Partner Center token refresh

Once consent completes, the error should clear automatically.

    • Related Articles

    • AADSTS50076 – MFA Required Due to Location or Policy Change

      Error: AADSTS50076 – Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access This error is raised when Microsoft detects a change in MFA posture — such as an ...

    • AADSTS700082 – Refresh Token Expired Due to Inactivity

      Error: AADSTS700082 – The refresh token has expired due to inactivity This typically occurs when the customer tenant has an MFA setting that allows "remember MFA for X days", which breaks token refresh after extended inactivity. Cause: The “remember ...

    • Master Index Page for Troubleshooting Microsoft 365 Errors

      Troubleshooting Microsoft 365 Errors If you've received an error in Sync 365 related to authentication, consent, token refresh, or license sync, use the links below to find the exact resolution. Authentication& MFA Errors AADSTS50078 – MFA expired ...

    • AADSTS50078 – MFA Expired Due to Admin Policy

      Error: AADSTS50078 – Presented MFA has expired due to policies configured by your administrator This error usually appears when a delegated admin account’s MFA configuration has changed — for example, when MFA was turned off, reset, or conditional ...

    • AADSTS530034 / AADSTS530032 – Delegated Admin Blocked Due to Risk

      Error: AADSTS530034 / AADSTS530032 – Delegated administrator or user blocked due to risk This error occurs when Microsoft flags the delegated admin account as a risky user, or when security defaults block access unexpectedly. Cause: Risky user ...