Graph API token generation failed. Device is not in required device state: compliant.

Patel, Binod 0 Reputation points
2024-11-24T12:08:16.7166667+00:00
{
    "error": "interaction_required",
    "error_description": "AADSTS53000: Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune. Trace ID: cc28e207-debf-4c5e-9331-1031b8e90f00 Correlation ID: 1bfbd87c-3bb5-48a7-8247-f4853c50e7a7 Timestamp: 2024-11-24 11:59:20Z",
    "error_codes": [
        53000
    ],
    "timestamp": "2024-11-24 11:59:20Z",
    "trace_id": "cc28e207-debf-4c5e-9331-1031b8e90f00",
    "correlation_id": "1bfbd87c-3bb5-48a7-8247-f4853c50e7a7",
    "error_uri": "https://login.microsoftonline.com/error?code=53000",
    "suberror": "additional_action",
    "claims": "{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"98e946e5-5755-4bbf-84c6-cb9c62ab2cf0\",\"505991bc-f3e9-4664-9b57-946f78d8eb5b\",\"93f5dc4f-362f-4c0f-b55d-683242b9b251\",\"b020b9e8-2c62-4a78-a663-2c2dcd19b1e4\",\"59d88621-3b48-41e4-bce1-4cafe586dbfb\",\"f39dbe59-08a0-4a80-9a91-d0ba242aa4ba\"]}}}"
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-11-25T08:47:14.3+00:00

    Hi @Patel, Binod,

    Thanks for reaching out.

    The error message indicates that a Conditional Access policy in Azure Active Directory (AAD) requires devices accessing a specific resource to be compliant with your organization's Mobile Device Management (MDM) policies (e.g., Microsoft Intune). The device you're using does not meet these requirements, so access is blocked.

    In this scenario, you have to enroll your device and check compliance settings, or ask the CA admin to relax the policy for you.

    Reference - https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant

    Thanks,

    Shweta

    Please "Accept the answer" if the above answer helped you.
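
Added example, not part of the question or the answer above: a small Python triage helper that reads an error body like the one in the question, double-decodes the `claims` string, and lists the policy GUIDs under `capolids` together with the trace and correlation IDs an admin needs to find the sign-in. The name `triage_token_error` is hypothetical, and treating each `capolids` value as the object ID of a Conditional Access policy that applied is an assumption.

```python
import json

# Token-endpoint error from the question above, trimmed to the fields read here.
SAMPLE_RESPONSE = r'''{
  "error": "interaction_required",
  "error_codes": [53000],
  "trace_id": "cc28e207-debf-4c5e-9331-1031b8e90f00",
  "correlation_id": "1bfbd87c-3bb5-48a7-8247-f4853c50e7a7",
  "suberror": "additional_action",
  "claims": "{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"98e946e5-5755-4bbf-84c6-cb9c62ab2cf0\",\"505991bc-f3e9-4664-9b57-946f78d8eb5b\",\"93f5dc4f-362f-4c0f-b55d-683242b9b251\",\"b020b9e8-2c62-4a78-a663-2c2dcd19b1e4\",\"59d88621-3b48-41e4-bce1-4cafe586dbfb\",\"f39dbe59-08a0-4a80-9a91-d0ba242aa4ba\"]}}}"
}'''

DEVICE_NOT_COMPLIANT = 53000  # AADSTS53000, as reported in the question


def triage_token_error(raw):
    """Summarise a token-endpoint error body for a Conditional Access ticket.

    triage_token_error is a hypothetical helper name, not a Microsoft API.
    """
    body = json.loads(raw)
    policy_ids = []
    try:
        # "claims" is a JSON document serialised into a string: decode it again.
        claims = json.loads(body.get("claims") or "{}")
    except (json.JSONDecodeError, TypeError):
        claims = {}  # missing or malformed challenge: report no policy IDs
    if isinstance(claims, dict):
        for requested in claims.values():  # keyed by token type, e.g. "access_token"
            capolids = requested.get("capolids") if isinstance(requested, dict) else None
            values = capolids.get("values") if isinstance(capolids, dict) else None
            if isinstance(values, list):
                # Assumption: each value is the object ID of a CA policy that applied.
                policy_ids.extend(v for v in values if isinstance(v, str))
    return {
        "device_compliance_block": DEVICE_NOT_COMPLIANT in (body.get("error_codes") or []),
        "interaction_required": body.get("error") == "interaction_required",
        "policy_ids": policy_ids,
        "trace_id": body.get("trace_id"),
        "correlation_id": body.get("correlation_id"),
    }


if __name__ == "__main__":
    for key, value in triage_token_error(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

The listed policy IDs and the correlation ID are what the Conditional Access admin mentioned in the answer needs to see which policy required the compliant device.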

