Forum Discussion
Code - 50173
Hi, I see a number of Risky Sign-ins with the code 50173 - Fresh auth token is needed. Have the user re-sign using fresh credentials. And the status is "Failure". But I noticed the IP address c...
Hi cllee,
Not sure why it shows from different country, but this message refers to token expiration and needs to be refreshed. There are some ways to extend the token lifetime like Conditional Access.
Are you checking the logs from MCAS? If not, I would check from that side as the logs more organized.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
Not sure why it shows from different country, but this message refers to token expiration and needs to be refreshed. There are some ways to extend the token lifetime like Conditional Access.
Are you checking the logs from MCAS? If not, I would check from that side as the logs more organized.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
Is there a possibility where someone else has also setup the access to the user account from another country?
Thanks.
- Do you have MFA in place?If yes, It could be false alarm.
Again I would check Microsoft Cloud App Security for more details about the incident.
Moe