Conditional Access error 53003, No device ID is being sent from Edge on sign in to confirm a compliant device

Aaron Wade 0 Reputation points
2024-02-28T09:49:49.7966667+00:00

I've recently been plagued with reports from some of my users that their sign-ins to Office 365 are successful but they can't be given access yet: Error 53003, which points to a failed conditional access check. Looking at the sign-in logs, I can see what the issue is straight away: when the users sign in through Edge, it isn't always sending the Device ID to Entra, causing the conditional access policy's check for a compliant device to fail.

All of the devices are AzureAD Joined. The issue itself can last from a day all the way up to a month, and the only workaround I've been able to find for now is to install Google Chrome and the Windows Accounts Extensions for it.

Has anyone found a fix for this issue? We're unable to remove the conditional access policy that's stopping the sign-in, and getting our entire workforce to switch to Chrome isn't feasible, but I've not been able to find any solution to make sure Edge will always deliver the Device ID to Entra.


1 answer

  1. Domooney-MSFT 2,476 Reputation points Microsoft Employee
    2024-02-28T16:20:16.5466667+00:00

    Hi Aaron Wade,

    Thank you for posting your query on Microsoft Q&A!

    Normally we see this issue if a user is not logged into Edge with the same Entra ID user account they are trying to access the application with, or if a user is using an incognito browser window.

    One other possible problem can be if the user does not have a PRT for some reason. We have details here on how a user obtains a PRT on an Entra ID joined device - https://learn.microsoft.com/en-us/entra/identity/devices/concept-primary-refresh-token#how-is-a-prt-issued

    We have some guidance here on troubleshooting PRT issues - https://learn.microsoft.com/en-us/entra/identity/devices/troubleshoot-primary-refresh-token#step-1-get-the-status-of-the-primary-refresh-token

    Do let me know if any of this helps, or if you have further issues I would be happy to help.

    Kind Regards, Donal
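
The PRT status check that the answer links to can be scripted on an affected device. This is an added example, not part of the thread or of Microsoft's tooling. It assumes the field names printed by `dsregcmd /status` (AzureAdJoined, DeviceId, AzureAdPrt, AzureAdPrtUpdateTime); `Test-PrtState` is a hypothetical helper name and the sample text is constructed.

```powershell
# Added example, not from the thread. Run as the affected user, not from an
# elevated prompt under another account: the SSO State section is per-user.
function Test-PrtState {
    param(
        # Lines of `dsregcmd /status` output; defaults to running it locally.
        [string[]]$StatusText = (dsregcmd.exe /status),
        # Reference time (UTC), injectable so a saved capture can be re-checked.
        [datetime]$Now = [datetime]::UtcNow
    )

    # Collect "Name : Value" pairs; banner lines (+---, | ... |) do not match.
    $f = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $f[$Matches[1]] = $Matches[2] }
    }

    $findings = @()
    if ($f['AzureAdJoined'] -ne 'YES') { $findings += 'Device is not reported as Entra joined.' }
    if (-not $f['DeviceId'])           { $findings += 'No DeviceId in the device details.' }
    if ($f['AzureAdPrt'] -ne 'YES') {
        $findings += 'No PRT for this user (AzureAdPrt is not YES).'
    } else {
        # Assumption: values look like "2024-02-28 07:30:11.000 UTC", and an update
        # time older than four hours suggests that PRT refresh is failing.
        $raw = $f['AzureAdPrtUpdateTime'] -replace '\s*UTC$', ''
        [datetime]$updated = [datetime]::MinValue
        $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
        if ([datetime]::TryParse($raw, [cultureinfo]::InvariantCulture, $styles, [ref]$updated) -and
            ($Now - $updated).TotalHours -gt 4) {
            $findings += "PRT last updated $($f['AzureAdPrtUpdateTime']); refresh may be failing."
        }
    }

    [pscustomobject]@{
        AzureAdJoined = $f['AzureAdJoined']; DeviceId = $f['DeviceId']
        AzureAdPrt    = $f['AzureAdPrt'];    Findings = $findings
    }
}

# Constructed sample: a joined device whose user session holds no PRT.
$sample = @'
             AzureAdJoined : YES
                  DeviceId : 00000000-0000-0000-0000-000000000000
                AzureAdPrt : NO
'@ -split '\r?\n'

(Test-PrtState -StatusText $sample).Findings
```

Calling `Test-PrtState` with no arguments on the device reads the live `dsregcmd /status` output; an empty `Findings` list means the join state, device ID and PRT all look healthy from the endpoint's side.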