Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
piper
Frequent Visitor

Disabling multi factor authentication for power bi

‎05-12-2020 09:47 AM

Hi All,

 

I am new to power BI, and have purchased power bi pro account for some POC. However, a multi-factor authentication got enabled when I registered my cell/phone number with Azure/PowerBI.

 

However, now, I am not able to generate the access token for using power BI rest apis. We have written lot of code to automate few things w.r.t power bi, and I don't want all of that to go in vain.

 

I am getting following msg while generating token:

 

AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000009-0000-0000-c000-000000000000'

 

Can anyone please help how to disable MFA for user?

Labels:
Message 1 of 11
21,918 Views
1 ACCEPTED SOLUTION
v-deddai1-msft
Community Support
Community Support
In response to piper

‎05-12-2020 10:53 PM

Hi @piper ,

 

The request requires the user to do multi-factor authentication and then send this new token back to Web API 1 and complete the on-behalf-of flow. MFA was enabled by triggering a rule if some action (e.g. sudden location change) was treated as "risky activity". For an account there is a "moved to a new location" flag that can get set, automatically triggering the need for MFA, even if it was initially off.

 

Please check the conditional access locations in Azure AD and check if your AAD admin can clear the flag. Disable MFA for the account or configure conditional access to give access to "Global Admin" role.

 

Please find additional info in the following articles:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-location...

https://docs.microsoft.com/en-us/azure/active-directory/develop/conditional-access-dev-guide

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authent...

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Best Regards,

Dedmon Dai

View solution in original post

Message 4 of 11
21,885 Views
0
10 REPLIES 10
iabrani
New Member

‎01-05-2022 06:43 AM

Found a solution.   Created a Service account with Power Bi portal admin and have this service account to be excluded from the nightly process that forces the MFA the next day.

 

Log in to the Power Bi Portal under this service account and recreate the subscription under this login.  This is working for my organization so far.

Message 11 of 11
15,084 Views
0
nickyvv
Community Champion
Community Champion

‎05-12-2020 09:53 AM
Hi @piper,

maybe you can use a Service Principal to use with automating things around the REST API?
https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal


Did I answer your question? Mark my post as a solution!

Blog: nickyvv.com | @NickyvV


Message 2 of 11
21,915 Views
0
piper
Frequent Visitor
In response to nickyvv

‎05-12-2020 11:00 AM

Thanks @nickyvv for your response.

 

Currently, for every new client, we are creating new workspace/group via REST apis. This is required to clone reports to entirely new workspace dedicated for a client.

There are few limitations for using service principal, which are provided on same link which you have shared, like following one:

 

"Embed for your organization applications can't use service principal."

 

I am not sure, but with this, I think I won't be able to generate embed token for reports.

 

I had tried service principal approach in past for powerbi rest api, before going for powerBi pro, and it hadn't work earlier.

I will try it again, and update back.

 

Meanwhile, do you think if there is any way to either disable MFA or get access token silently with MFA?

Message 3 of 11
21,901 Views
0
v-deddai1-msft
Community Support
Community Support
In response to piper

‎05-12-2020 10:53 PM

Hi @piper ,

 

The request requires the user to do multi-factor authentication and then send this new token back to Web API 1 and complete the on-behalf-of flow. MFA was enabled by triggering a rule if some action (e.g. sudden location change) was treated as "risky activity". For an account there is a "moved to a new location" flag that can get set, automatically triggering the need for MFA, even if it was initially off.

 

Please check the conditional access locations in Azure AD and check if your AAD admin can clear the flag. Disable MFA for the account or configure conditional access to give access to "Global Admin" role.

 

Please find additional info in the following articles:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-location...

https://docs.microsoft.com/en-us/azure/active-directory/develop/conditional-access-dev-guide

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authent...

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Best Regards,

Dedmon Dai

Message 4 of 11
21,886 Views
0
piper
Frequent Visitor
In response to v-deddai1-msft

‎05-13-2020 01:54 AM

Thanks @v-deddai1-msft .

 

I have followed steps outlined here :https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-aut...

 

And, have disabled default security measures. I understand this is bit risky as per security, but it has unblocked me for now.

I was able to get access token for powerbi rest api.

 

Once POC completes, I will go through shared links in detail, to setup conditional access.

Message 5 of 11
21,878 Views
0
KarlOnEarth
Frequent Visitor
In response to piper

‎08-02-2020 04:18 PM

G'day @piper ,

Did you ever 

@piper wrote:

... go through shared links in detail, to setup conditional access.

I am facing the issue of MFA, I turned on MFA for the accont that I use to refresh data and now my refreshes are failing. From the documentation @v-deddai1-msft quoted here: 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-location...

it appears one will need to specify a range of IP addresses for the Power BI service servers. Is that what you did?

Message 7 of 11
21,569 Views
0
KarlOnEarth
Frequent Visitor
In response to KarlOnEarth

‎08-02-2020 05:50 PM

Actually I think I have solved it for my installation. It may have been that I just had to re-send my SharePoint credentials in the Power BI admin console. I had been into the AD conditional policy and specifically Excluded the Power BI Service but it was still failing. After a while I noticed a message in the Power BI Datasets area that some credentials needed to be updated; the ones for SharePoint data source. I re-entered those and it sprang back into life for me, I am now doing scheduled refreshes again with MFA turned on.

Message 8 of 11
21,560 Views
jessica-ko
Advocate I
Advocate I
In response to KarlOnEarth

‎04-12-2023 01:43 AM

@KarlOnEarth I did the same thing as you, but noticed it still fails once Im logged out/inactive of my profile. I always need to add my credentials everytime. Are you experiencing this also? 

 

 

Message 9 of 11
6,656 Views
0
KarlOnEarth
Frequent Visitor
In response to jessica-ko

‎04-12-2023 03:38 PM

@jessica-ko no it is all working fine for me now that I re-authenticated. Sorry I'm not able to give any further guidance.

Message 10 of 11
6,606 Views
0
v-deddai1-msft
Community Support
Community Support
In response to piper

‎05-13-2020 02:30 AM

Hi @piper ,

 

If my post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Best Regards,

Dedmon Dai

Message 6 of 11
21,871 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All