Power Platform – Power Automate Flow errors after MFA enabled
.
Don’t compare your beginning to someone else’s middle.
— Jon Acuff
Hello Everyone,
Hope you all are doing well.
Today issue and solution – lesson learned
We have good number of articles on Power Platform, please have a look.
https://knowledge-junction.in/category/technology-articles/power-platform/
So without getting late, lets get started.
Background
- As one of the security consideration in our Tenant we have enabled Multi Factor Authentication (MFA).
- Few of our Power Automates are written using individual connection rather service account.
- As we have enabled MFA , our Power Automates which were using individual connection are stopped working.
So in this article we will discuss what errors exactly happened, solution and best practice
Issue / Error
Error from token exchange:
Runtime call was blocked because connection has error status: Enabled| Error, and office365users is in the block list.
Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: ‘Failed to refresh access token for service: office365usercertificate.
Correlation Id=f48dde82-f6d8-4ad6-946d-43a67f66300e, UTC TimeStamp=3/10/2023 3:46:19 PM, Error: Failed to acquire token from AAD: {“error”:”interaction_required”,”error_description”:”AADSTS50076:
Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ‘00000003-0000-0000-c000-000000000000′.\r\nTrace ID: 481cfa8f-a385-4a3b-aee5-b6347912d600\r\nCorrelation ID: 166f8394-ec52-48f4-88a8-e7e4284ce13e\r\nTimestamp: 2023-03-10 15:46:19Z”,”error_codes”:[50076],”timestamp”:”2023-03-10 15:46:19Z”,”trace_id”:”481cfa8f-a385-4a3b-aee5-b6347912d600″,”correlation_id”:”166f8394-ec52-48f4-88a8-e7e4284ce13e”,”error_uri”:”https://login.windows.net/error?code=50076″,”suberror”:”basic_action”,”claims”:”{\”access_token\”:{\”capolids\”:{\”essential\”:true,\”values\”:[\”5494b4bd-c2da-4819-9b4d-e2c391e5c5e8\”]}}}”}’]
Details
- Authentication error for connections which are using individual connections.
- We need to re-authenticate/fix the connections.
- We are not getting Office365Users details because of connection has error or Office365Users in block list.
- Due to unauthorized access tokens flow failed.
- Runtime call blocked because of the connection error.
Solution / Approach
Re-Sign with credentials – reauthenticate / fix the broken connections used or create new connections.
Best Practice
- Use service account for implementing Power Automates rather using individual account for connections.
.
Hope this article will help you to resolve the Power Automate Flow error.
You can also get my article updates on my social media handles.
LinkedIn – https://www.linkedin.com/in/khasim-shaik-8784a1232/
Twitter – https://twitter.com/KhasimShaik2009
Facebook – https://www.facebook.com/profile.php?id=100078255554660
Thank you for your support, will catch up with new article soon.
Keep learning and keep smiling 🙂
Thanks.
This solution doesn’t work if the power automate flows run within the PowerApps canvas apps as the connections are established within the logged in user context. Workaround would be to use a service account for connections as well as constructing additional workflows to handle emails indirectly.
Thank you for the update 🙂 Yes, also suggested the best practice in article for using the Service Account.