Here are some things I would recommend checking:
- Prevent Cross-Site Tracking is disabled.
- Block All Cookies is disabled.
- Authenticator for iOS is installed (if using iOS).
- Modern authentication is enabled on the tenant.
- Confirm whether the same issue occurs on non-iOS devices.
The error itself means that a Conditional Access policy in your tenant is preventing the application from retrieving access tokens from Azure. If you check the sign-in events, look for an event with Status = Failure, select it, and open the Conditional Access tab, you can investigate which policy caused the block. If your application is breaking a rule, you can modify the application to make it compliant. Otherwise, you can exclude the service principal from the Conditional Access policy.
If the device information is not being passed, the CA will block the device as non-compliant.
If you can check both the failed and successful sign-in logs, you can confirm the more granular reasons for the failure (e.g. the device platform not being recognized by Azure and showing as Unknown, or the user condition not matching). You need to make sure that the user agent follows the correct format; see User-Agent - HTTP | MDN (mozilla.org).
If none of these steps help I would recommend sharing your sign-in log details and creating a support case to further investigate your issue.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
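One way to triage exported sign-in records along the lines the answer describes (which Conditional Access policy failed, whether the device platform came through as Unknown, and how the failed event's device details differ from a successful one), as an added Python example that is not part of the original answer. The record shape follows the Microsoft Graph signIn resource as I understand it, and the sample records and the platform-marker list are constructed assumptions.

```python
import json

# Constructed sample export in the shape of Microsoft Graph signIn records
# (field names follow the Graph auditLogs/signIns resource as I know it; treat as an assumption).
SAMPLE_SIGNINS = json.loads("""[
  {"id": "failed-1",
   "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access"},
   "conditionalAccessStatus": "failure",
   "userAgent": "MyApp/1.0",
   "deviceDetail": {"operatingSystem": "Unknown", "browser": "Unknown", "isCompliant": false},
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require compliant device", "result": "failure"},
     {"displayName": "Require MFA", "result": "notApplied"}]},
  {"id": "ok-1",
   "status": {"errorCode": 0, "failureReason": "Other."},
   "conditionalAccessStatus": "success",
   "userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148 Safari/604.1",
   "deviceDetail": {"operatingSystem": "Ios", "browser": "Mobile Safari", "isCompliant": true},
   "appliedConditionalAccessPolicies": [
     {"displayName": "Require compliant device", "result": "success"}]}
]""")

# Platform markers a user agent should carry so the sign-in service can classify the
# device platform instead of logging it as Unknown (heuristic list, my assumption).
PLATFORM_MARKERS = ("iPhone", "iPad", "iOS", "Android", "Windows", "Macintosh", "Linux")

def blocking_policies(signin):
    """Names of the Conditional Access policies that failed for this sign-in."""
    return [p["displayName"] for p in signin.get("appliedConditionalAccessPolicies", [])
            if p.get("result") == "failure"]

def triage(signin):
    """Summarise why one sign-in failed and whether the client identified its platform."""
    device = signin.get("deviceDetail", {})
    ua = signin.get("userAgent", "")
    return {
        "ca_blocked": signin.get("conditionalAccessStatus") == "failure",
        "blocked_by": blocking_policies(signin),
        "platform_unknown": device.get("operatingSystem", "Unknown") == "Unknown",
        "ua_has_platform": any(marker in ua for marker in PLATFORM_MARKERS),
    }

def compare_device_details(failed, succeeded):
    """deviceDetail fields that differ between a failed and a successful sign-in."""
    a, b = failed.get("deviceDetail", {}), succeeded.get("deviceDetail", {})
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
```

Run `triage` over the Status = Failure events and `compare_device_details` against a known-good sign-in for the same user to see whether the block comes from missing device information rather than the policy itself.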