If you do not see any Conditional Access policies listed (we didn't), check the basic info and see if there is a different tenant ID. For our issue, we believe the other tenant has a conditional access policy causing our issue.
AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
I got this error when connecting to Security Defender with Global Secure Access connected. I set up the policy with the traffic MS365, but I can access everything except security.defender. Does Defender have an issue with Global Secure Access?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
2 answers
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
2024-02-16T01:16:05.61+00:00
Thank you for your post! The error message indicates that the access policy does not allow token issuance. This can happen when a user or application tries to access a resource that is protected by a Conditional Access policy, but the policy conditions aren't met. To know for certain what is being blocked, you will need to gather more details.
Under Microsoft Entra ID > Sign-in logs, you can select the failed sign-in log and view the Conditional Access tab to get more details about why the Conditional Access conditions were not met and which policies applied.
Then if you select the policy details you should be able to see which conditions applied.
If you still do not see enough information to isolate the issue, please let me know.
Additional reading:
If the information was helpful to you, please Accept the answer. This will help us as well as others in the community who may be researching similar questions.
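The sign-in log check described in this thread, applied to an exported log, as an added example that is not part of the original posts: it lists the policies that failed for each AADSTS53003 sign-in and flags the case where no policy is listed but the resource sits in a different tenant. The records are constructed and follow the field names of the Microsoft Graph signIn resource; the presence of `homeTenantId` and `resourceTenantId` in the export is an assumption, and `triage` is a hypothetical helper name.

```python
import json

# Constructed sample export; every ID, name and UPN here is a placeholder.
SAMPLE_EXPORT = json.loads("""[
 {"id": "s1", "userPrincipalName": "user@contoso.example",
  "resourceDisplayName": "Sample resource A",
  "homeTenantId": "tenant-A", "resourceTenantId": "tenant-A",
  "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": [
   {"displayName": "Sample policy: block", "result": "failure"},
   {"displayName": "Sample policy: MFA", "result": "success"}]},
 {"id": "s2", "userPrincipalName": "user@contoso.example",
  "resourceDisplayName": "Sample resource B",
  "homeTenantId": "tenant-A", "resourceTenantId": "tenant-B",
  "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": []},
 {"id": "s3", "userPrincipalName": "user@contoso.example",
  "resourceDisplayName": "Sample resource A",
  "homeTenantId": "tenant-A", "resourceTenantId": "tenant-A",
  "status": {"errorCode": 0},
  "appliedConditionalAccessPolicies": []}
]""")

CA_BLOCK = 53003  # numeric part of AADSTS53003

def triage(sign_ins):
    """Return one finding per sign-in that failed with AADSTS53003."""
    findings = []
    for s in sign_ins:
        if (s.get("status") or {}).get("errorCode") != CA_BLOCK:
            continue
        applied = s.get("appliedConditionalAccessPolicies") or []
        failed = [p["displayName"] for p in applied if p.get("result") == "failure"]
        home, res = s.get("homeTenantId"), s.get("resourceTenantId")
        cross = bool(home and res and home != res)
        if failed:
            hint = "review the failing policies' conditions"
        elif cross:
            hint = "no policy listed; look for a policy in the resource tenant"
        else:
            hint = "no failing policy recorded; gather more details"
        findings.append({"id": s.get("id"), "resource": s.get("resourceDisplayName"),
                         "failed_policies": failed, "resource_tenant": res,
                         "cross_tenant": cross, "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f)
```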