web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / ALM - Any walkaround t...
Finance | Project Operations, Human Resources, ...
Answered

ALM - Any walkaround to use Dynamics Lifecycle Services (LCS) Asset Upload with MFA ?

(0) ShareShare
ReportReport
Posted on by Janis LSX 10

Hello, 

i would like to know if there are any walkaround to use asset upload and deployment task from Azure Pipeline with an account where MFA is activate ? 

[error]AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

any help would be appreciate,

thanks

I have the same question (0)
  • Verified answer
    Joris dG Profile Picture
    Joris dG 17,775 on at

    Well, I would say luckily there is no way to get around MFA, since that would defeat the purpose of MFA.

    For LCS, we are waiting for a new authorization feature that is intended for this purpose: service-to-service authentication. In this case, Azure DevOps talking to LCS (without a user involved). There is unfortunately no confirmation on when LCS will introduce this feature.

    There is only one option today, and that is to have a dedicated account (which is a good idea anyway) for this integration, but that account will have to have MFA turned off.

  • Janis LSX Profile Picture
    Janis LSX 10 on at

    Hi Joris,

    Thanks for your answer.

    You're definitely right about the MFA, I just thought there might be another technical solution such as service-to-service authentication already in place that I would have missed.

    My customers don t want to use any account with MFA turn off.

    So we will wait for LCS Service-to-service update.

  • Suggested answer
    Sasha Dudarenko Profile Picture
    Sasha Dudarenko 50 on at

    Please vote for this MS idea: experience.dynamics.com/.../

    It will change authentication approach, so the service account will not be required to authenticate from DevOps to LCS.

  • Suggested answer
    Joris dG Profile Picture
    Joris dG 17,775 on at

    Changing to web app doesn't work. It would require an interactive logon. We can interactively logon in the AZDO setup screen - however that token expires in less than 30 days, and somewhat randomly. So you'd literally have to update your AZDO setup at least once per month. We explored that option but the AAD token expiration makes this a no-starter. Service-to-service auth is the only way, and that requires LCS to introduce the feature.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 660 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 512 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 291 User Group Leader

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans