![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 14.000000000000002%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
Good day! Welcome to Q&A forum!
Please understand that our forum is a public platform, and we will modify your question to cover your organization domain name in the description. Please notice to hide these personal or organization information next time you post error or some information to protect personal data.
Thanks for the details and the error information. Error 50089 typically means the sign‑in session (“flow token”) expired or your MFA method couldn’t be validated during verification.
To better support you, may I know if you are having a User or Admin account? And did you recently change phone numbers? Your confirmation is crucial for the troubleshooting process.
In the meantime, please try these recommended steps in order:
- If you're signing in an app, try closing the app and reopening. You should also restart your device and reopen the app after. Kindly check if your app has been updated to the latest version.
- If you're signing in through a Browser, kindly start a fresh sign‑in in a private/incognito window, or a different browser, with VPN off and on a different network if possible. Then sign in again.
- On the verification screen, click “I can’t use my Microsoft Authenticator app right now / use a different method.”
- If SMS isn’t arriving, select Phone call if available.
- If using Authenticator, open the app, pull down to refresh, ensure notifications are enabled, or tap the account and use a one‑time code instead of push.
- If SMS isn’t arriving, select Phone call if available.
In case the suggestions above don't work, I would recommend you contact your account's Admin to reset your MFA settings through the Microsoft Entra Admin Center. They need to revoke MFA sessions and require re-register following the steps shown in this article: Manage authentication methods for Microsoft Entra multi-factor authentication - Microsoft Entra ID | Microsoft Learn
If you’re unsure who the Global Admin is within your organization, you can find guidance on locating them here: How do I find my Microsoft 365 admin? - Microsoft Support.
Additional Notes:
This is a temporary issue related to the token's expiration cycle and does not indicate that the account is permanently blocked. If the issue continues after following the recommended steps, administrators should review settings such as conditional access policies, token expiration configurations, and multi-factor authentication (MFA) setups for the affected user.
Please let me know if there are any updates or if you have further concerns. I am happy to help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.