![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 51%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
25,181 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 28.999999999999996%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Hi @Rene Pineda
Thank you for posting your query on Microsoft Q&A.
It looks like your newly created Azure AD connector sync account is being blocked by a Conditional Access policy in your tenant.
If you find the newly created user, the name will be prefixed with "Sync_" as described in this article -https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-accounts-permissions#microsoft-entra-connector-account
Navigate to this users non-interactive sign-in logs, and check for the logins which fail with "AADSTS50079" - In here you can check which Conditional Access policies are blocking the sign-in, the policy is requiring the user to register for MFA which it cannot do as it is a service account.
Once you determine which policies are enforcing MFA for this account, you can exclude this user from the impacting policies and retry the installer.
Do let me know if you have any further questions, I would be happy to help!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.