![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 80%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,275 questions
Thank you for your post and I apologize for the delayed response!
Error Message:
Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
Based off the error message that you're receiving - this indicates that the access policy does not allow token issuance. This can happen when a user or application tries to access a resource that is protected by a Conditional Access policy, but the policy conditions aren't met.
To troubleshoot or resolve this issue, you can:
- Review the error message that appears. For problems signing in when using a web browser, the error page itself has detailed information. This information alone may describe what the problem is and that may suggest a solution.
- Review your Azure AD sign-in logs to see which CA policy / policies were applied and why.
If you're still having issues even after reviewing your error details and sign-in logs, please let me know.
Additional Links:
- Troubleshooting sign-in problems with Conditional Access
- What to do if you're locked out of the Azure portal?
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.