戻る
-
タイトル
ADC Fails with above error when MFA is Enabled -
説明
When MFA is enabled on the Organizational Level by Microsoft, ADC fails with error. The Following Error is observed in ADC.wlog
Failed to connect ExOnline 'https://outlook.office365.com/powershell-liveid' with user name: HR@M365x68875496.onmicrosoft.com. The credentials may expire. Please see more detailed from logs.
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0ff1-ce00-000000000000'. Trace ID: a1a80a39-6f9d-4fcb-bb0b-d41324090901 Correlation ID: d58a4e87-0af1-450c-a9e6-2595def78c96 Timestamp: 2024-04-24 06:03:10Z ---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0ff1-ce00-000000000000'. Trace ID: a1a80a39-6f9d-4fcb-bb0b-d41324090901 Correlation ID: d58a4e87-0af1-450c-a9e6-2595def78c96 Timestamp: 2024-04-24 06:03:10Z
-
原因
Multi-Factor Authentication is enabled by default on all Organizational Tenants. -
対策
Some Configuration needs to be changed for the QAM Service Account in the Azure Portal.
1. Go to Azure Portal and login with the Global Admin Credentials.
2. Navigate to the Below Link :-
https://portal.azure.com/#view/Microsoft_AAD_IAM/RoleMenuBlade/~/RoleMembers/objectId/d29b2b05-8046-44ba-8758-1e26182fcf32/roleName/Directory%20Synchronization%20Accounts/roleTemplateId/d29b2b05-8046-44ba-8758-1e26182fcf32/customRole~/false/adminUnitObjectId//resourceScope/%2f
3. Add the ADC Proxy credential User by clicking on Add Assignments.
Note: ADC Proxy Credential User is the one you can find in the Archive Manager Configuration Console under Azure Active Directory Connector settings.
4. After Completing the steps, wait for 5-10 minutes to reflect changes. Then restart the ADC Service.