When you try to sign in to Copilot in Microsoft 365, you may see the error message: AADSTS90014 Required Field Missing. This error means the authentication token sent to Microsoft Entra ID does not contain a required field, such as the audience, scope, or client ID. The root cause is often a misconfigured application registration, a stale token cache, or a recent update to the Microsoft 365 service that changed the token requirements. This article explains why the error occurs and provides step-by-step diagnostic steps to resolve it.
Key Takeaways: Diagnosing and Fixing AADSTS90014 in Copilot
- Clear browser cache and cookies: Stale tokens stored by the browser can omit required fields; clearing them forces a fresh authentication request.
- Check Microsoft Entra ID app registration: Ensure the redirect URI, client ID, and supported account types match the Copilot service requirements.
- Use Incognito or InPrivate mode: Isolates the session from cached extensions or stored credentials that may interfere with token generation.
Why Copilot Returns the AADSTS90014 Error
The AADSTS90014 error is an authentication failure from Microsoft Entra ID. The token request sent by Copilot or the Microsoft 365 service is missing a required claim or field. This can happen for several reasons:
Stale Token Cache
The browser or the Microsoft 365 app stores authentication tokens locally. If the token was issued before a service update changed the required fields, it will be rejected. Copilot cannot generate a new token until the old one is removed.
Misconfigured Application Registration
If your organization uses a custom app registration in Microsoft Entra ID for Copilot, the redirect URI, client ID, or supported account types may not match the current Copilot service settings. The missing field is often the audience claim, which tells Entra ID which service the token is for.
Browser Extension Interference
Extensions that modify HTTP headers or block scripts can strip required fields from the authentication request. Ad blockers, privacy tools, and even some password managers have been known to cause this error.
Diagnostic Steps to Resolve AADSTS90014
Follow these steps in order. Test Copilot after each step to see if the error is gone. Do not skip steps unless the error is resolved.
- Clear browser cache and cookies for the last hour
Open your browser settings. Clear cached images, files, and cookies for the past hour. This removes stale tokens without deleting long-term login data. In Edge, go to Settings > Privacy, search, and services > Clear browsing data > Choose what to clear > select Cached images and files and Cookies and other site data > set time range to Last hour > click Clear now. - Sign out of all Microsoft 365 sessions and sign back in
Go to account.microsoft.com. Sign out of all active sessions. Then sign in again with your work or school account. This forces a fresh token request. - Use Incognito or InPrivate mode
Open a new InPrivate window in Edge or Incognito window in Chrome. Navigate to copilot.microsoft.com and sign in. If the error does not appear, the issue is related to browser extensions or cached data in your normal profile. - Disable browser extensions temporarily
In Edge, go to edge://extensions. Disable all extensions. Restart the browser and test Copilot. If the error is gone, enable extensions one by one to find the culprit. - Check Microsoft Entra ID app registration for Copilot
Go to the Microsoft Entra admin center (entra.microsoft.com). Navigate to Applications > App registrations. Find the app registration for Copilot. Verify that the redirect URI matcheshttps://copilot.microsoft.comorhttps://www.microsoft365.comdepending on your tenant configuration. Ensure the supported account types are set to Accounts in this organizational directory only unless you use guest accounts. - Repair or reinstall the Microsoft 365 desktop app
If you use Copilot in the Microsoft 365 desktop app, close the app. Go to Control Panel > Programs > Programs and Features. Right-click Microsoft 365 and select Change. Choose Quick Repair. If the error persists, run the full Online Repair from the same menu. - Run the Microsoft Support and Recovery Assistant
Download and run the Microsoft Support and Recovery Assistant tool. Select Microsoft 365 > Sign-in. The tool will check for token issues and misconfigured settings automatically.
Related Failure Patterns and Their Fixes
The AADSTS90014 error shares symptoms with other authentication failures. Here are two related issues and how to fix them.
Copilot Shows AADSTS50058: Silent Authentication Failed
This error occurs when the token request cannot be completed silently. The fix is the same as steps 1 and 2 above. If the error persists, check that your tenant allows third-party cookies. In Edge, go to Settings > Cookies and site permissions > Manage and delete cookies and site data > Allow sites to save and read cookie data. Enable this setting.
Copilot Returns AADSTS700016: Application Not Found
This error means the client ID in the token request does not match any registered application. This can happen if the Copilot service was recently updated and the client ID changed. Clear the browser cache and sign out of all sessions as described above. If the error continues, contact your Microsoft 365 administrator to verify the app registration in Entra ID.
Copilot Authentication Methods: Web vs Desktop App
| Item | Web Browser | Microsoft 365 Desktop App |
|---|---|---|
| Token storage | Browser cache and cookies | Windows Credential Manager |
| Extension interference | Yes, extensions can block or modify requests | No browser extensions |
| Primary fix | Clear browser cache and cookies | Repair Microsoft 365 installation |
| Secondary fix | Disable extensions or use InPrivate | Clear credential manager tokens |
| Error AADSTS90014 frequency | More common | Less common |
After clearing the cache in the web browser, test Copilot again. If the error appears only in the desktop app, run the Quick Repair from the Programs and Features menu. The desktop app stores tokens in Windows Credential Manager, which is not cleared by browser cache steps.
If the Error Persists After All Steps
If you have followed all steps and Copilot still shows AADSTS90014, the issue may be on the Microsoft Entra ID service side. Check the Microsoft 365 service health dashboard at admin.microsoft.com > Health > Service health. Look for any advisories related to Microsoft Entra ID or the Copilot service. If no service issue exists, create a support ticket with Microsoft. Include the full error message and the steps you have already taken. The support team can check the tenant-specific token policies and app registrations.
You can now diagnose and resolve the AADSTS90014 error in Copilot. Start with clearing the browser cache and cookies for the last hour. If that does not work, use InPrivate mode to isolate extension issues. The Microsoft Support and Recovery Assistant can automate the checks for token and registration problems. For persistent cases, verify the app registration in the Microsoft Entra admin center and check the service health dashboard.