![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 34%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXS%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Subscription, account, billing | For business | Other
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
Please note that this forum is a public platform, so we’ve adjusted your question to hide your organization’s domain name. For future posts, kindly avoid sharing any personal or organizational details to help protect your data.
Hello @Xie, Sherman
Welcome to the Q&A Community!
Thank you for contacting us. I’ve reviewed the sign‑in details you provided, and I can confirm that Error Code 53003 occurs when your sign‑in is successful but is blocked by your organization’s Conditional Access policies. This typically means that the conditions required to access Microsoft Office weren’t met during the attempt.
In your case, the sign‑in logs indicate the device is reporting as Unregistered on macOS. When a device doesn’t meet the organization’s expected trust or compliance requirements, Conditional Access policies may block token issuance.
Here are the most common factors that lead to this specific block:
- Device State: Your device shows as Unregistered, which frequently triggers Conditional Access blocking for organizations enforcing device compliance or registration.
- Conditional Access restrictions: Policies may require:
- A registered or compliant device
- A specific IP location or network
- Updated apps or OS versions
- Supported browsers or authentication flows
Hence, I recommend the followings:
1. Contact Your IT/Entra ID Administrator
Your admin will need to review the sign‑in logs for your account in: Entra admin center > Entra ID > Monitoring & health > Sign-in logs.
This will show which specific policy blocked your attempt. If the block is based on device trust, they may need to update the policy or confirm whether your device meets requirements.
For more details, please refer to Conditional Access and Microsoft Entra activity logs - Microsoft Entra ID | Microsoft Learn
2. Register or Enroll Your macOS Device (If Required)
Since the system currently reports your device as unregistered, your organization may need you to:
- Enroll the device via Microsoft Intune Company Portal, or
- Register the device in Entra ID
This ensures the device satisfies trust or compliance conditions.
3. Ensure Office and macOS Are Fully Updated
Out‑of‑date applications or macOS versions can also trigger CA blocks. Updating Microsoft Office and macOS system software can help ensure compatibility with authentication requirements.
4. Check Your Network or Sign‑in Location
If your organization restricts access by region or IP range, signing in from a new or unsupported location may cause this error.
Let me know how it goes on your end or if you need further assistance.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
