Fix Microsoft Sign-in Errors with Passkey or Windows Hello

Audience

This article is intended for Central Piedmont faculty, staff, and students receiving certain authentication-related error messages when signing in to Central Piedmont websites through the Microsoft Single Sign-On (SSO).

Task

This suggested workaround helps resolve sign-in issues when you encounter these error messages:

  • "AADSTS75011: Authentication method 'X509, MultiFactor, X509Device' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'"

  • "AADSTS75011: Authentication method 'MultiFactor, Fido' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'."

Prerequisites

The existence of one of the following errors when trying to use passwordless authentication methods such as Windows Hello, Passkey, or USB based security-key on a service that does not support this option:

Screenshot of error AADSTS75011: Authentication method 'X509, Multifactor, X509Device'...Error for X509 devices 

Error for AADSTS75011: Authentication method 'Multifactor, Fido' by which the user authenticated...Error for Fido devices

Instructions

  1. Open a new browser tab and go to myaccount.microsoft.com.

  2. Click your profile picture/icon in the top-right corner and select "Sign out."

  3. Uploaded Image (Thumbnail)

    You will be asked to pick an account you want to sign out of. Click your user account to complete the sign-out process. Do not close the page— wait to be redirected to the sign-in screen.

  4. Uploaded Image (Thumbnail)

    You will see a message confirming that the account is logged out, and then be redirected to the sign-in screen. 

  5. When prompted to pick an account to sign in, select "Use Another Account"

  6. Uploaded Image (Thumbnail)

    You should be prompted for your password, but you may encounter the following:

    • A pop-up stating "Making sure it's you" might appear if you’re using Windows Hello or a security key to log in. Click "Cancel" on this window.

    • Uploaded Image (Thumbnail)

      If you receive a message stating "We couldn't sign you in", click the link "Other ways to sign in".

    • Uploaded Image (Thumbnail)

      When asked to "Choose a way to sign in", select "Use my password".

    • Uploaded Image (Thumbnail)

      If you are not redirected to a password prompt or encounter a different message, please contact the ITS Service Desk for help.

  7. When prompted, enter your password and click "Sign in."

  8. Uploaded Image (Thumbnail)

    Complete the Multi-Factor Authentication (MFA) steps as prompted. Be sure to follow the on-screen prompts carefully.

  9. When asked "Stay signed in?", select "No" if you are using a public/shared device.

  10. You should now be able to sign in to the website or service you were originally trying to access without issue.

Outcome

After completing these steps, you will have a valid authentication token, which will allow you to access Central Piedmont websites and systems without issue.

Print Article

Related Articles (3)

Setting Up Microsoft MFA
Instructions for setting up Microsoft multi-factor authentication (MFA) for students and employees.