Hello @Peter Jävert,
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
Issue: Azure sign-in error 53003. "Access has been blocked by Conditional Access policies" and Conditional Access tab is empty.
Resolution: Resolved by @Peter Jävert
Below are the steps followed by @Peter Jävert:
Solved the problem. Not sure why, but her Teams attempted to use MFA for her previous employer's Tenant. We cancelled the MFA authentication in Teams, selected the correct account, and she was able to log in.
Adding some additional information to help community members investigate this further: I understand that the end user faced a problem while trying to access the Teams application on her mobile and was blocked by a conditional access policy with error code 53003. When you checked the Entra sign-in logs for that user, there were no conditional access policies applied, and no policies were listed in that tab either.
To identify the root cause, I request you to check the same sign-in log again. This time, please review the Basic Info tab and verify the following details: Resource tenant ID, Home tenant ID and Cross tenant access type.
- Resource Tenant ID: GUID of the tenant of the accessed resource.
- Home Tenant ID: GUID of the tenant to which the user is attached and used to validate their identity.
- Cross Tenant Access Type: B2B Collaboration or B2B Direct.
If the conditional access policy tab is empty in the sign-in log, this can happen if the Resource Tenant ID is different from the Home Tenant ID. This indicates that the user's authentication is occurring on the resource tenant. In this scenario, the resource tenant's conditional access policy will be applied, not the home tenant's conditional access policies. If this is the case, the end user's access might have been blocked due to the resource tenant's conditional access policy, which was not satisfied by the end user's sign-in attempt to the Teams application.
If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Thanks,
Raja Pothuraju.
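
An added example, not part of the original answer: a small triage script that applies the Basic Info check described above to exported sign-in records and reports whose Conditional Access policies to review for each 53003 failure. The key names (`homeTenantId`, `resourceTenantId`, `crossTenantAccessType`, `appliedConditionalAccessPolicies`, `status.errorCode`) are assumed to follow the Microsoft Graph signIn resource, and the tenant GUIDs and records are constructed samples.

```python
CA_BLOCKED = 53003  # "Access has been blocked by Conditional Access policies"

# Constructed placeholder tenant GUIDs and sample records (not real data).
# Key names are an assumption; adjust them to match your own export.
HOME = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"
SAMPLE = [
    {"userPrincipalName": "user1@example.com", "appDisplayName": "Microsoft Teams",
     "status": {"errorCode": 53003}, "homeTenantId": HOME, "resourceTenantId": OTHER,
     "crossTenantAccessType": "b2bCollaboration", "appliedConditionalAccessPolicies": []},
    {"userPrincipalName": "user2@example.com", "appDisplayName": "Microsoft Teams",
     "status": {"errorCode": 53003}, "homeTenantId": HOME, "resourceTenantId": HOME,
     "crossTenantAccessType": "none",
     "appliedConditionalAccessPolicies": [{"displayName": "Require MFA", "result": "failure"}]},
    {"userPrincipalName": "user3@example.com", "appDisplayName": "Microsoft Teams",
     "status": {"errorCode": 0}, "homeTenantId": HOME, "resourceTenantId": HOME,
     "crossTenantAccessType": "none", "appliedConditionalAccessPolicies": []},
]


def owning_tenant(rec):
    """Say whose Conditional Access policies to review for one sign-in record."""
    home = (rec.get("homeTenantId") or "").lower()
    resource = (rec.get("resourceTenantId") or "").lower()
    if not home or not resource:
        return "unknown"  # Basic Info fields missing from the export
    # Different GUIDs: the resource tenant's policies applied, not the home tenant's.
    return "resource-tenant" if home != resource else "home-tenant"


def triage(records):
    """Return one finding per sign-in that failed with error 53003."""
    findings = []
    for rec in records:
        if (rec.get("status") or {}).get("errorCode") != CA_BLOCKED:
            continue
        findings.append({
            "user": rec.get("userPrincipalName"),
            "app": rec.get("appDisplayName"),
            "review": owning_tenant(rec),
            "resource_tenant": rec.get("resourceTenantId"),
            "access_type": rec.get("crossTenantAccessType"),
            "policies_listed": len(rec.get("appliedConditionalAccessPolicies") or []),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `review` set to `resource-tenant` and `policies_listed` at 0 matches the situation in this thread: the block came from the other tenant's policy, so the home tenant's Conditional Access tab has nothing to show.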