Error 53010 with the message “Cannot configure multi-factor authentication methods because the organization requires this information to be set from specific locations or devices” is generated by Conditional Access, not by the user’s MFA registration policy itself.
The sign‑in logs show that the Conditional Access policy requiring MFA (“MSaaS – Require multi-factor authentication for all users”) is being evaluated and fails at the second factor step. When a Conditional Access policy blocks registration, the user does not see the usual “More information required” prompt; instead, the sign‑in is blocked with the error shown.
To identify the exact cause and policy:
- Open Sign-in logs for the affected user.
- Select the failed sign‑in and go to the Authentication Details tab to see which requirement (authentication strength/MFA) was enforced.
- Go to the Conditional Access tab and select each policy listed to review the Grant controls and any Conditions (locations, device state, authentication flows, etc.). This view shows why the policy evaluated to failure.
If there truly is no location restriction configured in any Conditional Access policy, check for:
- An authentication flows policy or other Conditional Access policy that targets specific device states or locations and is being applied to the same sign‑in. Use the Conditional Access tab and, if needed, the What If tool to simulate the sign‑in and see which policy is blocking it.
- Any policy that protects security info registration (user action for security info registration or MFA registration) and has conditions that are not met from the user’s current device or network.
Adjust or exclude the blocking Conditional Access policy (for example, by allowing the user’s location/device or by excluding the user temporarily) so that the MFA registration prompt can complete successfully.
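The log review described above can also be run over an exported set of sign-in records. The following is an added example, not part of the original answer: it assumes records in the shape of the Microsoft Graph v1.0 `signIn` resource, and the sample records, IDs, user name and the report-only policy name are constructed for illustration.

```python
# Added example. Assumes records shaped like the Microsoft Graph v1.0 signIn resource.
# All sample values are constructed, except the policy name and error text quoted on this page.
SAMPLE_SIGN_INS = [
    {"id": "constructed-signin-1", "userPrincipalName": "user@example.com",
     "createdDateTime": "2024-01-01T10:00:00Z",
     "status": {"errorCode": 53010,
                "failureReason": "Cannot configure multi-factor authentication methods"},
     "appliedConditionalAccessPolicies": [
         {"id": "constructed-policy-a",
          "displayName": "MSaaS – Require multi-factor authentication for all users",
          "enforcedGrantControls": ["Mfa"], "result": "failure"},
         {"id": "constructed-policy-b",
          "displayName": "Constructed: report-only location policy",
          "enforcedGrantControls": ["Block"], "result": "reportOnlyFailure"},
         {"id": "constructed-policy-c",
          "displayName": "Constructed: compliant device for admins",
          "enforcedGrantControls": [], "result": "notApplied"}]},
    {"id": "constructed-signin-2", "userPrincipalName": "user@example.com",
     "createdDateTime": "2024-01-01T11:00:00Z",
     "status": {"errorCode": 0}, "appliedConditionalAccessPolicies": []},
    {"id": "constructed-signin-3", "userPrincipalName": "user@example.com",
     "createdDateTime": "2024-01-01T12:00:00Z",
     "status": {"errorCode": 53010}, "appliedConditionalAccessPolicies": None},
]

def blocking_policies(sign_ins, error_code=53010):
    """For each sign-in that failed with error_code, list the CA policies that failed."""
    findings = []
    for s in sign_ins:
        if (s.get("status") or {}).get("errorCode") != error_code:
            continue  # only the failed registration sign-ins are of interest
        policies = s.get("appliedConditionalAccessPolicies") or []
        failed = [{"policy": p.get("displayName"), "id": p.get("id"),
                   "grantControls": p.get("enforcedGrantControls") or []}
                  for p in policies if p.get("result") == "failure"]
        # Report-only policies do not block, but show what would fail if enabled.
        report_only = [p.get("displayName") for p in policies
                       if p.get("result") == "reportOnlyFailure"]
        findings.append({"signInId": s.get("id"), "user": s.get("userPrincipalName"),
                         "time": s.get("createdDateTime"), "failed": failed,
                         "reportOnlyFailures": report_only,
                         # No policy detail in the record: fall back to the portal's
                         # Conditional Access tab or the What If tool.
                         "needsPortalReview": not failed})
    return findings

if __name__ == "__main__":
    for f in blocking_policies(SAMPLE_SIGN_INS):
        print(f["time"], f["user"], f["failed"] or "no policy detail in record")
```

Records flagged `needsPortalReview` carry the error but no failed policy entry, so those still need the Conditional Access tab or the What If tool.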