Conditional access error 53003 - Compliant device

Question

Conditional access error 53003 - Compliant device

Per Lindblad 5

Conditional access error 53003 - when compliant.

Hi, we ha users that get error 53003 to azure artifacts when the device is compliant and the users can reach everything else (sharepoint, azure devops and eve artifacts from that site...) guarded by CA.

any ideas what this could be?

Rahul Jindal [MVP] 10,911 Reputation points MVP

2023-08-22T17:15:18.59+00:00

Do you have different CA policies enforcing controls related to device compliance? Maybe check Entra ID sign-in logs to gather more information.
Per Lindblad 5 Reputation points

2023-08-22T20:16:56.5833333+00:00

Well these device has exactly the same ca policy’s as hundreds other and they can perform the task. That’s the strange thing. I’m going to register this with Microsoft tomorrow. Thanks for the answer though.

1 answer

Your answer

Rahul Jindal [MVP] 10,911 Reputation points MVP

2023-08-22T17:15:18.59+00:00

Do you have different CA policies enforcing controls related to device compliance? Maybe check Entra ID sign-in logs to gather more information.
Per Lindblad 5 Reputation points

2023-08-22T20:16:56.5833333+00:00

Well these device has exactly the same ca policy’s as hundreds other and they can perform the task. That’s the strange thing. I’m going to register this with Microsoft tomorrow. Thanks for the answer though.

Answer 1

ZhoumingDuan-MSFT 17,165 Microsoft External Staff

@Per Lindblad, Thanks for posting in Q&A. From your description, we understand that you encounter Conditional access error 53003 when the device is compliant.

For the Conditional access error 53003, it means BlockedByConditionalAccess. Please check the user Sign-in logs which locate in Intune admin center > Devices > Conditional access > Sign-in logs and see which setting is blocked.

Here is a link about how to troubleshoot Conditional Access Policy problem:

Troubleshooting sign-in problems with Conditional Access - Microsoft Entra | Microsoft Learn

I notice the device is compliant in Intune. Please also check which compliant status of the affected device In Azure AD.

Hope above can be helpful!

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Per Lindblad 5 Reputation points

2023-08-23T06:54:03.2166667+00:00

Thank you for your answer. The devices are compliant in intune and azure AD. Though i saw last night that they has two devices in azure ad, seems to be the same device twice and one isn't manage by any mdm and not compliant. Could this be the issue maybe?
ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2023-08-23T08:44:19.7366667+00:00

@Per Lindblad, Thank for your early reply. From you description, we understand that the devices are compliant in Intune and Azure AD and the same device appear twice in Azure AD and one is not managed by mdm and not compliant. The duplicate device record maybe the issue, You can delete the device record which not managed by mdm and not compliant to see if the result will be different.

Hope this can be helpful!
ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff

2023-08-25T06:53:45.02+00:00

@Per Lindblad, Hope everything is going well.

May I know if you have any update? Is there anything else I can help for this case?

Thank you for your understanding and patience!

Share via

Conditional access error 53003 - Compliant device

1 answer

Your answer