Aadsts90072 Error: How to Fix This User Account Issue
Exclude guest and external users when you face this error
4 min. read
Updated on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- You can run into the AADSTS90072 error when you attempt to log in to an account that is not in the tenant.
- The error can occur due to a mismatch between Active Directory and Azure AD's ImmutableID attribute.
- Excluding the Microsoft Azure cloud app from Require MFA for guests' policies can help with the issue.
Many users have reported they encounter an error AADSTS90072 during an account login. The issues occurs when you try using an account that is not in the directory, prompting an error error.
Alternatively, you can read through our article about how to fix the 0x801c03f3 Hybrid Azure AD Error on your PC.
Before we fix the issue, let’s take a look at underlying causes for it.
What causes the Aadsts90072 error?
The following are potential causes for the AADSTS90072 error:
- Account doesnโt exist in the tenant – if the external account that the user is trying to sign in with doesnโt exist on the tenant that they signed into, it can prompt the error. Also, it is because the user canโt satisfy the MFA (Multi-factor authentication) requirements for the tenant, making it unauthorized.
- There is a mismatch in the ImmutableID attribute – The error can also occur if there is a mismatch in the ImmutableID (sourceAnchor) attribute between Active Directory and Azure AD regardless of the users being synced.
These factors can vary on different computers depending on the condition. However, weโll take you through detailed steps for fixing the issue.
How can I fix the Aadsts90072 error?
Before proceeding with any advanced troubleshooting steps, try the following preliminary checks:
- Restart your PC – Restarting the computer will fix temporary issues affecting its performance and refresh its activities.
- Fix network issues – Power cycling your router/modem or fixing network congestion on your computer can help you connect faster to the internet.
- Use the Firefox browser and clear cookies for cookies – Clearing cookies for login.microsoft.com and teams.microsoft.com on Firefox should prevent the error from popping up again.
If you canโt resolve the error, go ahead with the solutions below:
1. Exclude Azure Information Protection from Require MFA for guests’ policies
- Go to Azure Dashboard and click on the Conditional Access option.
- Navigate to the Assignments tab, and select Users and groups under it.
- On the left pane, go to the Include tab and check the box for All guest and external users.
- Go to the Assignments tab on the right pane and select the Cloud apps or actions section.
- Navigate to the Excluded cloud apps section and select Microsoft Azure Information Protection as an exclusion.
- Try to log in to your account and check if the error AADSTS90072 persists.
The above steps allow the Microsoft Azure Information Protection cloud app to run without adhering to the Require MFA for guests policies.
2. Exclude guest and external users
- Create a new conditional access policy.
- Go to the Assignments tab on the left pane, and click on the Users and groups option.
- Select the Exclude tab on the right side of the screen, then check the box for All guest and external users.
- Under the Assignments tab, click on the Cloud apps or actions section on the left pane.
- On the right pane, go to the Include section and check the box for the Microsoft Azure Information Protection cloud app.
- Navigate to the Access controls tab on the left pane, and select Grant.
- Tick the radio button for Grant access and check the box for Require multi-factor authentication.
The above steps will exclude guests and external users from the RMA (Request multi-factor authentication) and grant access through Access Policy.
3. Disconnect the Organizational account
- Left-lick the Start button and click on Settings.
- Select the Accounts tab and click on Access work or school.
- Further, locate the organization account added and click on the Disconnect button.
- Confirm your selection by clicking Yes on the prompt.
- Click Disconnect again when another prompt asks you to disconnect from the organization account.
- Now, restart the Teams app and check if the error persists.
Alternatively, you can try to access the Teams web version to confirm if the issue is resolved.
In conclusion, our readers can check our guide about the Azure Functions Runtime unreachable error and ways to fix it on their PCs.
If you have further questions or suggestions concerning this guide, kindly drop them in the comments section below.
User forum
0 messages