Azure Active Directory is the identity platform for many of today’s organizational applications and services. When you can’t sign in, this severely hampers your productivity, whether you are an administrator or an end-user.
This blogpost provides instructions to resolve the situation where you receive error AADSTS50052 when signing into Azure AD and Azure AD-integrated applications and services.
You are a security-focused professional, working for/with an organization that requires strong passwords.
Your organization allows you to sign into Azure AD and/or Azure AD-integrated applications and services using either a cloud-only account or an account that has its password synchronized from an on-premises environment.
When you try to sign in to Azure Active Directory and/or an Azure AD-integrated application and/or service, the sign-in fails.
Instead, login.microsoft.com provides an error message:
You can’t sign in.
The error occurs because you are trying to sign in with an account that has a password of over 256 characters.
This limit on passwords has been in effect in Azure AD since March 13th, 2020, at 10AM PST (18:00 UTC).
To successfully sign in, the password needs to be changed.
For a cloud-only Azure account, you can reset the password for the account using the Azure AD self-service password reset (SSPR) functionality. Visit https://aka.ms/sspr to do so.
When the Azure AD self-service password reset (SSPR) functionality is not offered by the organization, an administrator needs to reset the password. If all accounts within the Azure AD tenant are configured with passwords over 256 characters, either:
- Sign in with the initial Azure AD administrator account, as this account is configured with the Azure AD self-service password reset (SSPR) functionality, by default.
- Sign in with an Azure AD administrator account that is equipped with a FIDO2 security key.
For a synchronized account, sign into the on-premises identity platform and reset the password, or have the password reset in the on-premises identity platform, to a password of 256 characters or fewer.
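
For the on-premises reset described above, the following added example (not part of the original post) generates a random password that stays within the 256-character limit and sets it on a synchronized account with the ActiveDirectory PowerShell module. The function name `New-BoundedPassword`, the account name `jdoe` and the chosen length of 64 are assumptions for illustration.

```powershell
# Added example: New-BoundedPassword and the account 'jdoe' are hypothetical names.
Import-Module ActiveDirectory

# Maximum password length accepted by Azure AD, as stated in this post.
$MaxAzureAdPasswordLength = 256

function New-BoundedPassword {
    param(
        # Refuse lengths that Azure AD would reject at sign-in.
        [ValidateRange(16, 256)]
        [int]$Length = 64
    )
    # Alphabet without easily confused characters (0/O, 1/l/I).
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*+-=?@_'
    # Largest multiple of the alphabet size that fits in one byte (0..255);
    # bytes at or above it are rejected to avoid modulo bias.
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object char[] $Length
        $buf   = New-Object byte[] 1
        for ($i = 0; $i -lt $Length; $i++) {
            do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
            $chars[$i] = $alphabet[$buf[0] % $alphabet.Length]
        }
        return -join $chars
    }
    finally {
        $rng.Dispose()
    }
}

$newPassword = New-BoundedPassword -Length 64

# Defensive check before the password is written to the directory.
if ($newPassword.Length -gt $MaxAzureAdPasswordLength) {
    throw "Password is $($newPassword.Length) characters; the limit is $MaxAzureAdPasswordLength."
}

$secure = ConvertTo-SecureString -String $newPassword -AsPlainText -Force

# Administrative reset on the on-premises account; the new password
# reaches Azure AD on the next password synchronization.
Set-ADAccountPassword -Identity 'jdoe' -Reset -NewPassword $secure
```

Run this from a session with permission to reset the target account's password, and hand the generated password to the account owner over a separate, trusted channel.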