Power Automate
Answered

Power Flow latest changes that you might not notice - AAD Token Issue

Have you all noticed that your flows are encountering AAD token issues and failing when users run them? The only solution seems to be asking those users to re-login to their Microsoft accounts from their device’s web browser. I wonder why Microsoft doesn’t simply log out users who haven’t re-logged in within 90 days. Do you realize that this creates confusion for end users? It’s puzzling—Outlook on the end user’s device works fine, but the new flow rule requires them to re-login via the web browser. Quite a situation, isn’t it?
  • Suggested answer
    Trait007
    Hi,

    This situation indeed highlights a recurring issue many users encounter with authentication in Microsoft services, particularly with Power Automate flows. The problem stems from AAD (Azure Active Directory) token expiration or invalidation, which can occur due to various factors like token refresh policies, device state, or service dependencies.

    Why This Happens

    1. Token Expiration:

      • AAD tokens typically expire after a default period (e.g., 1 hour for access tokens, 90 days for refresh tokens).
      • If a refresh token isn't used within its lifetime, the user must re-authenticate to generate a new token.
    2. Session State Discrepancy:

      • Devices like Outlook use persistent sessions that renew tokens in the background.
      • Power Automate flows, on the other hand, depend on the service account or user token, which may not refresh automatically unless explicitly handled.
    3. Conditional Access Policies:

      • Organizations often set up security or conditional access policies that might enforce periodic re-authentication or limit token lifetimes.
    4. Browser-Based Dependency:

      • Power Automate relies on the browser for authentication renewal. If the user isn't actively logged into a browser session, flows using their connection will fail.

    Challenges for End Users

    • Lack of Clarity: End users are often unaware that their tokens have expired, and flows fail silently without meaningful error messages.
    • Inconsistent Experiences: Outlook and other apps work seamlessly because of session persistence, leading users to assume the issue lies with Power Automate itself.
    • Manual Intervention: Asking users to re-login disrupts workflow automation and defeats the purpose of creating seamless automated experiences.

    Possible Solutions

    1. Improved Token Management:

      • Microsoft could implement an auto-refresh mechanism for tokens used in Power Automate.
      • Notify users when a token is about to expire or has expired, guiding them to re-login proactively.
    2. Extend Token Lifetime:

      • Organizations can consider adjusting AAD token lifetime policies to align better with flow usage.
      • Use PowerShell commands or Azure AD Conditional Access settings to configure this.

      Example:

      Set-AzureADPolicy -Id <PolicyID> -DisplayName "TokenLifetimePolicy" -Definition '{"TokenLifetimePolicy":{"MaxAgeSingleFactor":"365.00:00:00"}}'
    3. Centralized Notifications for Token Renewal:

      • Implement a flow or an app that checks for failing connections and notifies users to re-login before the flow fails.
    4. Service Account Usage:

      • Instead of user connections, consider using a service account with dedicated credentials for flows. This reduces dependency on individual user sessions.
    5. Educating End Users:

      • Provide clear instructions to users about how and when to re-login.
      • Use internal communication channels or documentation to explain the issue and resolution.

    For Microsoft: A Call to Action

    Microsoft should address this issue to reduce end-user friction:

    1. Proactive Expiry Notifications: Notify users of impending token expiry directly within Power Automate or Teams.
    2. Unified Token Handling: Align token refresh mechanisms across services like Outlook and Power Automate for consistent experiences.
    3. Enhanced Error Messages: Provide detailed error messages in flow run history, guiding users to resolve token-related issues quickly.

    What You Can Do Now

    • Monitor Flow Failures:

      • Regularly check flow run histories for AAD token-related issues.
      • Notify users promptly to re-authenticate when required.
    • Use a Dedicated Account:

      • For critical flows, switch to service account-based connections.
    • Feedback to Microsoft:

      • Use the Power Automate Ideas Forum to raise this issue and vote on existing suggestions for improved token handling.

    It’s indeed puzzling that such a user-unfriendly scenario persists in an otherwise seamless ecosystem. Hopefully, with enough feedback, Microsoft can address this gap soon!

    ----------------------------------------------------------------------------------
    If this Post helped you, please click "Does this answer your question" and give it a like to help others in the community find the answer too!
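
One way to act on the "Monitor Flow Failures" advice in the answer above, as an added example that is not part of the original thread: it sorts failed runs by the AADSTS error code found in the failure text, so you can see which users must re-login and why. The input rows, their field names (Flow, User, Status, Error) and the function name Get-TokenFailure are assumptions; the rows are constructed samples.

```powershell
# Added example. $runs is CONSTRUCTED sample data; the field names are assumptions
# standing in for whatever your flow run-history export provides.
$aadErr = 'Failed to refresh access token. Error: Failed to acquire token from AAD: '
$runs = @(
    [pscustomobject]@{ Flow = 'Leave request'; User = 'alice@contoso.example'; Status = 'Failed'
        Error = $aadErr + 'AADSTS700082: The refresh token has expired due to inactivity.' }
    [pscustomobject]@{ Flow = 'Expense approval'; User = 'alice@contoso.example'; Status = 'Failed'
        Error = $aadErr + 'AADSTS700082: The refresh token has expired due to inactivity.' }
    [pscustomobject]@{ Flow = 'Leave request'; User = 'bob@contoso.example'; Status = 'Failed'
        Error = $aadErr + 'AADSTS50173: The provided grant has expired due to it being revoked.' }
    [pscustomobject]@{ Flow = 'Leave request'; User = 'carol@contoso.example'; Status = 'Failed'
        Error = 'Item not found (404)' }                 # failed, but not an auth problem
    [pscustomobject]@{ Flow = 'Leave request'; User = 'dave@contoso.example'; Status = 'Succeeded'
        Error = $null }
)

# Sign-in error codes that mean "this connection needs an interactive re-login".
$aadstsCause = @{
    'AADSTS700082' = 'Refresh token expired due to inactivity'
    'AADSTS70043'  = 'Refresh token rejected by Conditional Access sign-in frequency'
    'AADSTS50173'  = 'Grant revoked (for example after a password change or reset)'
}

function Get-TokenFailure {
    param([Parameter(Mandatory)][object[]]$Run)
    foreach ($r in $Run) {
        if ($r.Status -ne 'Failed') { continue }
        if ($r.Error -match 'AADSTS\d+') {               # ignore non-authentication failures
            $code = $Matches[0]
            [pscustomobject]@{
                User  = $r.User
                Flow  = $r.Flow
                Code  = $code
                Cause = if ($aadstsCause.ContainsKey($code)) { $aadstsCause[$code] }
                        else { 'Unmapped code, check the sign-in logs' }
            }
        }
    }
}

# One row per user and cause, listing every flow that user's connection broke.
Get-TokenFailure -Run $runs | Group-Object User, Code | ForEach-Object {
    $first = $_.Group[0]
    [pscustomobject]@{
        User  = $first.User
        Code  = $first.Code
        Cause = $first.Cause
        Flows = ($_.Group.Flow | Sort-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize -Wrap
```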

  • Verified answer
    David_MA, Super User 2026 Season 1
    Yes, I've noticed the same issue with AAD tokens causing flows to fail. It seems the only workaround is to have users re-login to their Microsoft accounts via their web browser. This can indeed be confusing for end users, especially since other applications like Outlook continue to work without requiring a re-login.
     
    The reason behind this is that Power Automate relies on AAD tokens for authentication, and these tokens can expire after a period of inactivity. When the token expires, the flow fails because it can't authenticate the user. Unfortunately, Power Automate doesn't automatically log out users who haven't re-logged in within this period, which adds to the confusion.
     
    It's definitely a situation that could use some improvement from Microsoft to enhance the user experience and reduce the need for manual intervention. You should post your ideas to Power Automate Ideas · Community since this is how it has been designed to work and is not an issue the community can resolve.
