If you’re trying to use the Windows Defender Advanced Threat Protection through the API or through PowerBI and get an AADSTS50131 error, you’ll probably check your sign in logs to see if you’re being blocked by conditional access. If there’s nothing there, as I had the joy of discovering (tsk Microsoft, you really should log this) then check your classic policies and disable if present (old anyway):
I just want to thank you for saving me from what would otherwise have been hours of trying to track this down. I came across this when trying to enable the Microsoft Sentinel connector for Microsoft Defender XDR. For the sake of Google keywords for anyone else looking for this, the user-side error thrown is a portal modal with “Interaction required. The portal encountered an issue while attempting to retrieve access tokens.”, followed by the same AADSTS50131 code.
Hi – just discovered the same problem. Are you sure this policy can simply be deleted? It was obviously put there for a reason and was requiring “Known” devices (whatever that means). If it’s important then I’d prefer to replace it with an equivalent modern policy.
SO do not remove this Policy. It is used for Intergration between Intune and MDE. Blowing it away will cause more issue.
Instead exclude the user and remove the exclusion after.