Azure Enterprise Application: Sign-in error code 53000: Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant.

maiken chen 271

Correlation ID 534b5bf6-6bf6-42ad-b3cd-53fffad8fdd8 Authentication requirement Single-factor authentication Status Failure Sign-in error code 53000 Failure reason Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune. User maiken Username maiken@hellochenchenoutlook.onmicrosoft.com User ID 386532f4-518d-4286-b879-2b535c026515 Alternate sign-in name maiken@hellochenchenoutlook.onmicrosoft.com Application Zoom SSO Application ID 3d0202cd-5fbb-4c32-bbb7-4e922b52b49d Resource Windows Azure Active Directory Resource ID 00000002-0000-0000-c000-000000000000 Resource tenant ID a97b2d6c-b4a8-415a-88fd-7fe3c817440d Client app Browser Token issuer type Azure AD Token issuer name Latency 109ms User agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362

maiken chen 271 Reputation points

2020-10-15T13:17:42.667+00:00
hi @soumi-MSFT , i notice that, in my 3 different device, there are 3 different result on the same Conditional Access.
By compare the 3 different Sign ins logs, they are only different with User agent. Please take a notice for this.

for windows outlook client New (Old Edge base engine, not chromium Edge engine) the failure message is:

**Sign-in error code
53000

Failure reason
Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.

User agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362**

the display error message is:

for windows outlook client Old (IE11 base engine, not the Edge Or chromium engine) the failure message is:(same error code, but the display error message is not the same)
**Sign-in error code
53000

Failure reason
Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.

User agent
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko**

display error message is:

for mac microsoft Edge browser(chromium base engine) the failure message is:(i think this is by design, not a problem)

**Sign-in error code
530003

Failure reason
Your device is required to be managed to access this resource.

User agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36 Edg/86.0.622.38**

and the display error message is:
maiken chen 271 Reputation points

2020-10-15T13:18:47.42+00:00

hi @soumi-MSFT please notice here.
Felippe Borges 71 Reputation points

2022-03-29T13:45:01.867+00:00

how did you solve the problem?
Constantin Razvan Ungureanu 1 Reputation point

2022-06-22T11:33:09.507+00:00

I'm getting the same issue now and i'm wondering how you guys solved the problem?
Felippe Borges 71 Reputation points

2022-07-13T14:42:25.74+00:00

Hello Costaintin,

I solve my problem disabling old classic policies and creating new ones. You may have some classic policies conflicting with the new ones. Check all the conditional access that you have created.
Manam, Shankar 30 Reputation points

2023-04-07T10:14:39.8366667+00:00

Could not see the exact solution. can any one share the solution
Srikanth Saraswathi 0 Reputation points

2023-06-30T11:02:02.5266667+00:00

can we get the solution ?
Amit Bhalla (WPP Group USA LLC) 0 Reputation points Microsoft Vendor

2023-09-22T07:26:45.5933333+00:00

Hi @soumi-MSFT I am getting the same error 53000 on Azure VM, could you please help. thank you!
Ken Thomas 0 Reputation points

2024-02-12T15:38:03.2466667+00:00

any ideas why this sort of error would occur intermittently, when many excel files are being opened from a sharepoint site by a script?
Paweł Daniec 0 Reputation points

2024-03-15T13:02:29.72+00:00

hi @soumi-MSFT , could you share a fix to us? there is a lot of similar problem with compliance

Sign-in error code

53000

Failure reason

Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.

Additional Details

Your administrator might have configured a conditional access policy that allows access to your organization's resources only from compliant devices. To be compliant, your device must be either joined to your on-premises Active Directory or joined to your Azure Active Directory. More details available at https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-device-remediation

Accepted answer

maiken chen 271 Reputation points

2020-10-16T10:21:41.003+00:00

have been fixed this problem by @soumi-MSFT and his great teams. thanks a lot.
Please sign in to rate this answer.

1 person found this answer helpful.
Matthew Harrington (Design Laboratory Inc) 31 Reputation points

2021-03-23T14:58:43.26+00:00

Providing insight on how it was fixed would have been helpful.

forward.observations.group 16 Reputation points

2021-09-13T22:01:02.347+00:00

No kidding. I'm running into this issue right now and some information would be great. The device was working fine just a few moments ago and now its not. Everything is fully up to date and the portal shows the device as fully compliant. All configuration and compliance profiles/policies are all successful or compliant. I don't know what's going on.

VSree 1 Reputation point

2021-12-15T12:41:50.977+00:00

I'm facing the same issue with my web application but after migrating to microsoft.graph api endpoint from aad graph api endpoint. please provide me the detailed explanation. thanks

hkwok532 1 Reputation point

2021-12-20T19:02:40.22+00:00

I've gotten this same error code (AADSTS53000) when trying to connect to an internal database via SSMS (for work), and I have not found any information other than this question & the meaning of the error code itself. Any additional information about resolving this issue would be very helpful. I am pretty sure my work computer is compliant (plus I am using a work VPN to access the database).

Weiqi Li 1 Reputation point Microsoft Employee

2022-05-05T20:39:38.313+00:00

I'm having the same issue when connecting our database using SSMS. Can I know how did you resolve this?

iconoclast88 61 Reputation points

2023-07-03T19:51:28.63+00:00

no resolution?

Andrés Enrique Cárdenas 10 Reputation points

2023-07-10T17:25:29.47+00:00

real helpful saying someone fixed it for you but not sharing the information in how with everyone else :/

Shejal Mewada 5 Reputation points

2023-07-27T09:08:09.6333333+00:00

what is the solution ? can someone share it please
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure Enterprise Application: Sign-in error code 53000: Device is not in required device state: {state}. Conditional Access policy requires a compliant device, and the device is not compliant.

0 additional answers

Your answer