![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 6%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hello @Shanthi Basavanahalli Venkareddy
The error shows that although authentication is successful, a Conditional Access policy is preventing access. This frequently happens when the policy limits access on the basis of allowed client apps, network location, device compliance, application, client type, or sign-in risk.
Kindly have an Entra ID administrator check the user's sign-in logs under Monitoring & Health → Sign-in logs in the Microsoft Entra admin center, and look for the unsuccessful sign-in on the Conditional Access tab. The particular policy and grant control that is triggering the block will be found in the sign-in log.
Additionally, confirm:
- The device is compliant or hybrid/Azure AD joined (if required).
- The user is connecting from an allowed location/network.
- The application and client type are permitted by policy.
- Any required MFA or Terms of Use requirements have been completed.
The Conditional Access details in the sign-in log will pinpoint the exact restriction that must be addressed.
Let me know if any further queries - feel free to reach out!