When using a dataflow from another tenant (Tenant B) in your report and semantic model hosted in Tenant A, the manual refresh and short-term scheduled refresh within 30 minutes work fine because the OAuth token remains valid during that period. However, after some time, the token expires, and the system is unable to reauthenticate across tenants automatically. This results in the scheduled refresh failing, often with errors indicating that it’s looking for the dataflow or workspace inside your native Tenant A instead of Tenant B.

This happens because OAuth credentials set via manual sign-in do not persist for long durations across tenants, and Power BI doesn’t handle token refresh properly in such cross-tenant scenarios.

To fix this, the best option is to use a service principal-based authentication. Create a service principal in Tenant B, assign the necessary permissions to access the dataflow, and then use it to configure the data source credentials in Tenant A. This method is more stable and suited for long-term, automated refreshes.

Alternatively, if a service principal is not feasible, consider replicating the required data from Tenant B to Tenant A using Fabric Pipelines or APIs, so the refresh happens entirely within one tenant, avoiding cross-tenant issues.

Hey @rack201,

Here's how I'd tackle this step by step:

Step 1: Re-authenticate the connection

• Go to your workspace settings in Tenant A
• Find the dataflow data source under "Data source credentials"
• Click "Edit credentials" and sign in again with your Tenant B account
• Test with a manual refresh to confirm it works

Step 2: Check token expiration settings

• In Tenant B's admin portal, look at the OAuth app settings
• See if there's a shorter token lifetime that's causing the issue
• If you're using a custom app registration, check its token lifetime configuration

Step 3: Set up service principal (recommended)

• Create a service principal in Tenant B's Azure AD
• Give it the necessary Power BI permissions (Workspace.ReadWrite.All minimum)
• Add it as a member/admin to the Tenant B workspace
• Update your dataflow connection to use this service principal instead of OAuth

Step 4: Verify cross-tenant policies

• Check if Tenant B has conditional access rules blocking external access after certain time periods
• Look for any guest user policies that might be timing out your access
• Make sure external sharing is enabled for the specific workspace

Step 5: Alternative approach if above fails

• Consider creating the dataflow in Tenant A instead and pulling data from Tenant B
• Or move your semantic model to Tenant B to keep everything in one tenant

The service principal route usually solves this permanently since it doesn't rely on user tokens that can expire.

Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

Best regards,
Jainesh Poojara / Power BI Developer