This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 33%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi, I have published Win32 App to my user. App is visible in web company portal (on machine deployed with Autopilot - Hybrid Azure AD joined) but after selecting install status is pending sync all the time. What I saw was that manual sync was failing with error:
"Error: 0xCAA2000C The request requires user interaction. Description: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access........
I noticed when logging into web company portal I am not prompted to enter password, just verification code sent to my phone as MFA.
What can I do on affected machine to be able to install Win32 App? Thx in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 33%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECW%3C/text%3E%3C/svg%3E)
We have met this error code when multi-factor authentication (MFA) is Enforced. It prevents the Configuration Manager client agent from enrolling the device by using the logged-in user credentials.
Please try one of the following methods to see if it persists:
• Set MFA to Enabled but not Enforced. For more information, see Set up multi-factor authentication.
• Temporarily disable MFA during enrollment in Trusted IPs.
Please also note that there is a difference between having MFA Enabled and Enforced. For more information about the difference, see Azure AD Multi-Factor Authentication user states. This scenario works by having MFA Enabled but not having MFA Enforced.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.