Context
To provide customers with the highest level of security, Microsoft has started to require multifactor authentication (MFA) for all Azure sign-in attempts.
We have identified the following issues consequences of using MFA with Azure CLI
1. ROPC Authentication
Login to Azure by passing directly in the command their password also known as the ROPC flow (Resource Owner Password Credential) is not supported with MFA.
The associated command is:
az login --username $username –password $password
If MFA is required for the user, the above command fails with the following error message:
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ‘’. Trace ID Correlation ID: Timestamp:
Solution
You must switch to using an authentication flow compatible with Multifactor Authentication.
2. Cross-Tenant authentication
If the user has access to several tenants and one of them requires MFA, the login with Azure CLI may display a warning message similar to:
Authentication failed against tenant 00000000-0000-0000-0000-000000000000 'Tenant Name': AADSTSXXXXX: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000000-0000-0000-0000-000000000000'. Trace ID: 00000000-0000-0000-0000-000000000000 Correlation ID: 00000000-0000-0000-0000-000000000000 Timestamp: 2025-03-02 01:01:10Z
During the login phase, Azure CLI tries to logon to the different tenant that the user can access. The MFA claims obtained with the first tenant found cannot be used for a different tenant, the warning message above is therefore displayed.
Workaround
While we are working towards a resolution of the issue, to avoid the warning message, we recommend that you specify the tenant you want to use with the following command.
az login --tenant 00000000-0000-0000-0000-000000000000
Learn more
How to prepare for the impact of multifactor authentication on Azure CLI: https://aka.ms/azcli-mfa
Additional information about ROPC flow: https://learn.microsoft.com/entra/identity-platform/v2-oauth-ropc
Context
To provide customers with the highest level of security, Microsoft has started to require multifactor authentication (MFA) for all Azure sign-in attempts.
We have identified the following issues consequences of using MFA with Azure CLI
1. ROPC Authentication
Login to Azure by passing directly in the command their password also known as the ROPC flow (Resource Owner Password Credential) is not supported with MFA.
The associated command is:
az login --username $username –password $passwordIf MFA is required for the user, the above command fails with the following error message:
Solution
You must switch to using an authentication flow compatible with Multifactor Authentication.
2. Cross-Tenant authentication
If the user has access to several tenants and one of them requires MFA, the login with Azure CLI may display a warning message similar to:
During the login phase, Azure CLI tries to logon to the different tenant that the user can access. The MFA claims obtained with the first tenant found cannot be used for a different tenant, the warning message above is therefore displayed.
Workaround
While we are working towards a resolution of the issue, to avoid the warning message, we recommend that you specify the tenant you want to use with the following command.
az login --tenant 00000000-0000-0000-0000-000000000000Learn more
How to prepare for the impact of multifactor authentication on Azure CLI: https://aka.ms/azcli-mfa
Additional information about ROPC flow: https://learn.microsoft.com/entra/identity-platform/v2-oauth-ropc