Summary
You get an error when trying to enable Direct Routing and creating an App Password. This article describes how to Disable MFA / 2FA if you do not see option to disable it by disabling Security Defaults first so that the option to disable MFA / 2FA is visible.
Applies To
This article applies to MachPanel.
Error Message
2FA must be turned off for admin to be used.
To be able to Disable 2FA, you must disable Security Defaults first.
When try to arrange routing for teams directly. See error below.
Error processing command: System.Management.Automation.RemoteException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application. System.Management.Automation.RemoteException: One or more errors occurred.: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 7a9b8db4-138e-49cf-beb3-d1fa79a77b00 Correlation ID: 0eaba9ff-d191-4ebd-84bf-82c3b4f5d355 Timestamp: 2020-04-15 10:47:20Z System.Management.Automation.RemoteException: One or more errors occurred. System.Management.Automation.RemoteException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 7a9b8db4-138e-49cf-beb3-d1fa79a77b00 Correlation ID: 0eaba9ff-d191-4ebd-84bf-82c3b4f5d355 Timestamp: 2020-04-15 10:47:20Z System.Management.Automation.RemoteException: Response status code does not indicate success: 400 (BadRequest). System.Management.Automation.RemoteException: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0000-c000-000000000000'.\r\nTrace ID: 7a9b8db4-138e-49cf-beb3-d1fa79a77b00\r\nCorrelation ID: 0eaba9ff-d191-4ebd-84bf-82c3b4f5d355\r\nTimestamp: 2020-04-15 10:47:20Z","error_codes":[50076],"timestamp":"2020-04-15 10:47:20Z","trace_id":"7a9b8db4-138e-49cf-beb3-d1fa79a77b00","correlation_id":"0eaba9ff-d191-4ebd-84bf-82c3b4f5d355","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}: Unknown error System.Management.Automation.RemoteException: One or more errors occurred.: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: 7a9b8db4-138e-49cf-beb3-d1fa79a77b00 Correlation ID: 0eaba9ff-d191-4ebd-84bf-82c3b4f5d355 Timestamp: 2020-04-15 10:47:20Z CMDExec: Get-MsolDomain
Resolution
2FA must be turned off for admin to be used. To be able to Disable 2FA, you must disable Security Defaults first.
Disable Security Defaults:
Following steps can be used to disable Security Defaults.
- Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
- Browse to Azure Active Directory > Properties.
- Select Manage security defaults.
- Set the Enable security defaults toggle to No.
- Select Save.
See below KB article in which this topic is covered in detail:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
The key points are:
- If this option of Security Defaults is enabled, then MFA status enabled or disabled will act as Enabled.
- If this option of Security Defaults is Disabled, then MFA status enabled will act as Enabled, and MFA status disabled will act as disabled.