This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
i got this error when connecting in security defender, with global secure access connected, i setup the policy with the traffic ms365 but i can access everything except security.defender. Does defender have an issue with global secure access ?
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 2%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
I have exactly the same issue as you have. I get this error on:
But not on entra.microsoft.com, intune.microsoft.com or portal.azure.com for example. When i set my GSA Conditional Access policy to anything other than enabled, i can access these pages again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 24%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
I got same 53003 error but my Conditional Access details doesnt show our policies. Just says "Not applicable" under Policy Name. Sign in status is "Failure". Any idea?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 6%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
If you do not see any Conditional Access policies listed (we didn't), check the basic info and see if there is a different tenant ID. For our issue, we believe the other tenant has a conditional access policy causing our issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 35%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
In my case I had used "common" for the tenant id and got this error. Using the actual tenant id from Entra fixed it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Thank you for your post! The error message indicates that the access policy does not allow token issuance. This can happen when a user or application tries to access a resource that is protected by a Conditional Access policy, but the policy conditions aren't met. To know for certain what is being blocked, you will need to gather more details.
Under Microsoft Entra ID > Sign-in logs , you can select the failed sign-in log and view the Conditional Access tab to get more details about why the Conditional Access conditions were not met and which policies applied.
Then if you select the policy details you should be able to see which conditions applied.
If you still do not see enough information to isolate the issue, please let me know.
Additional reading:
If the information was helpful to you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.
nothing wrong on my conditionnal access status
Still don't know why i'm not able to connect, sharepoint sign in good but security is th only one where we can't sign in with Global secure access
but the real issue is that the sign in is succeded
Thanks for sharing. It looks like your GSA non-compliance policy is getting applied. What do you have configured for that policy?
I am looking into your question about the GSA/Defender setup too. In the meantime if you would like to have your logs investigated via support case, you can reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and share your subscription ID and a link to this thread and I will open a one-time free support case.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 88%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOG%3C/text%3E%3C/svg%3E)
hello, I also have the error of: "OAuth error: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
Trace ID: d60e2a6e-0194-4319-b130-28f31ae80100
Correlation ID: 31755468-cf91-4300-a1eb-1cd4e636f951
Timestamp: 2025-10-10 15:52:27Z
" When I look into the forwarded place by Gregory, I see "A sign-in can also be interrupted (e.g. blocked, multifactor authentication challenged) because of a user risk policy or sign-in risk policy. Currently, this tab only lists Conditional Access policies. "