Thank you for your post and I'll do my best to help point you in the right direction!
To see more details on why the user you created within another tenant, is being blocked by your CA policy, you should be able to look into the Risky users report within Identity Protection. This report provides information about each risk detection, including the type of detection, the sign-in attempt location, and other risks. For more info. After reviewing your user's Risk report, you can reference the Risk types and detection documentation to learn more any specific detection that was found.
If the Risky users report doesn't contain the information you're looking for in regard to the actual blocked sign-in, you can also review your sign-in logs. For more info - Troubleshooting sign-in problems with Conditional Access.
To find out which Conditional Access policy / policies applied and why:
- Navigate to
Microsoft Entra ID > Sign-in logs.
-
Search and Filter
for the appropriate login -
Select the ellipsis on the right side of the policy in a sign-in event.
This'll bring up the policy details, which will give admins additional information about why a policy was successfully or not.
- For more info - Policy not working as intended
Additional Links:
- How to investigate risky users?
- Frequently asked questions Identity Protection in Microsoft Entra ID
- Risk types and detection
- Policy not working as intended
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.