Admin Account Being Blocked when trting to upgrade AD Sync

Question

Admin Account Being Blocked when trting to upgrade AD Sync

Raffaele Scotti 20

I'm trying to upgrade AD Connect Sync, but when I try to log in, my account is blocked.

Andy David - MVP 156K Reputation points MVP Moderator

2025-04-27T13:48:06.54+00:00

Blocked how? MFA requirement?
Raffaele Scotti 20 Reputation points

2025-04-27T14:27:19.76+00:00

Hello Andy,

Thank you for getting back to me. I'm not sure. My account is MFA enfoced. I'm able to log into email, 365 admin, and Azure portal with no problems, but when I try to upgrade Entra Connect i'm getting blocked. Please see attached.

Accepted answer

0 additional answers

Your answer

Andy David - MVP 156K Reputation points MVP Moderator

2025-04-27T13:48:06.54+00:00

Blocked how? MFA requirement?
Raffaele Scotti 20 Reputation points

2025-04-27T14:27:19.76+00:00

Hello Andy,

Thank you for getting back to me. I'm not sure. My account is MFA enfoced. I'm able to log into email, 365 admin, and Azure portal with no problems, but when I try to upgrade Entra Connect i'm getting blocked. Please see attached.

Answer 1

Akhilesh Vallamkonda 14,975 Microsoft External Staff Moderator

Hi @Raffaele Scotti

Based on the error message it indicates that the access policy does not allow token issuance. This can happen when a user or application tries to access a resource that is protected by a Conditional Access policy, but the policy conditions aren't met. To know for certain what is being blocked, you will need to gather more details.
Under Microsoft Entra ID -> Sign-in logs, you can select the failed sign-in log and view the Conditional Access tab to get more details about why the Conditional Access conditions were not met and which policies applied
ca1

Then if you select the policy details you should be able to see which conditional access policy is blocking for users sign in, once you find the policy name go to the conditional access policy and select the policy name and adjust policy accordingly to allow the user to sign in.

If you still do not see enough information to isolate the issue, please let me know.

Also follow the document to Troubleshooting sign-in problems with Conditional Access

Hope this helps. Do let us know if you any further queries by responding in the comments section.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Raffaele Scotti 20 Reputation points

2025-04-28T09:53:56.4866667+00:00

Hello Akhilesh, Thank you for your email. Please see the attached. I'm not really sure what I need to do next.

Thanks,

Raffaele
Akhilesh Vallamkonda 14,975 Reputation points Microsoft External Staff Moderator

2025-04-28T12:49:48.8366667+00:00

@Raffaele Scotti
for further troubleshooting I've initiated a private message for a closer investigation. please let me know by responding in the Private message section.
Akhilesh Vallamkonda 14,975 Reputation points Microsoft External Staff Moderator

2025-04-28T15:30:35.17+00:00

@Raffaele Scotti
As discussed, the reason you are blocking to sign in is because the Sign-in risk policy under Identity Protection.
By excluding the global admin from the Sign-in risk policy has resolved your issue.
Raffaele Scotti 20 Reputation points

2025-04-28T15:37:28.0166667+00:00

Hello Akhilesh,

Thank you so much for all your help. It was an absolute pleasure working with you. You provided excellent support and assistance, and you were incredibly patient with me throughout the process.

Microsoft is very fortunate to have you on their team.

Best regards, Raffaele

Share via

Admin Account Being Blocked when trting to upgrade AD Sync

0 additional answers

Your answer