This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 48%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKA%3C/text%3E%3C/svg%3E)
Hi all,
About a week ago, several of our tenant guests users are encountering the following error and are unable to access our tenant:
Sign-in error code: 530004
Failure reason: AcceptCompliantDevice setting isn't configured for this organization. The admin needs to configure this setting to allow external users access to protected resources.
We have discovered that the affected users have the following device info:
Compliant No
Managed No
But the weird thing is it affects guests users that have "identity issuer: mail" not just "ExternalAD" and "MicrosoftAccount".
How can mail guests have a managed device?
We cannot find any documented change that may be causing this - we would be grateful for any information on the topic.
We started experiencing the same issue this week.
It's non-Windows devices that we see being blocked from completing the MFA process. We've seen it on unmanaged Mac OS, iOS, and Android for guest user devices. A guest user can complete the process on an unmanaged Windows PC.
We can duplicate the problem with a personal Gmail account added to a Microsoft Team. The user is unable to perform MFA on a mobile device.
We have opened a premier support case with Microsoft. We suspect it's bug on their part.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 27%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Same here and noticing that it's only happening for guests using a macOS or iOS device for us. The folks having the issues have an ExternalAzureAD and MicrosoftAccount issuers.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 56.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have also seen this happen today. MacOS user has the same error with same failure code. CA status is Success, so can't be related to CA. If you get an answer from support would be grateful if you could post
An update from our org today, too
We have a MS ticket open but has not gotten anywhere.
We are seeing success again for guest users. I can verify it works in our troubleshooting designs as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 16%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Sorry to hear that you are experiencing this issue. This is related to a backend issue, and it has been resolved. let the guest users attempt accessing resources once again.
Thank you for the feedback! :)
I have accepted this answer so the topic can close.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 95%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Are there any updates from others that had Microsoft tickets open?
I'm posting this in January 2023 and I'm seeing this same issue others have described:
I've tried completely uninstalling + reinstalling the Teams desktop app on macOS. It didn't help.
I wonder if this could be resolved by the tenant inviting the external users adjusting their cross tenant B2B inbound trust settings, see https://learn.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims
I'm not able to test that as I'm not an admin in the other tenant, but in any case that would be more of a workaround than a fix. It seems like there is something wrong in the auth flow for external use on macOS for the scenario where the external org requires MFA for external users.
This looks like a conditional access related issue and so I've added the CA tag to this thread. Assuming this is something that just started happening, your best is to probably open a support case though. I know we've been expanding CA capabilities into B2C scenarios recently so this could be because of that -- not my deep area of expertise though. See https://learn.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow for details on this.
Hi Jason,
Thank you for responding!
We also suspected it to be CA related initially, and went through all of our policies one by one. None is configured in a way that should have this impact and furthermore, none of them were changed during the timeframe that the incident started.
We also looked for any new settings in CA that we had not configured before, but nothing was found.
Is it possible this is related to the new cross-tenant implementations being introduced?
Is it possible this is related to the new cross-tenant implementations being introduced?
That's the exact theory I noted above. If this is still an issue in your environment, as noted, you should open a support case.
An update from our end:
We have an open ticket with MS and still cycling through support levels, but have not gotten any solid feedback yet on the issue or the cause.
As of today - 7 days after the first incident - the problem just stopped and everything seems to be back to normal.
It seems that there was a blunder in the background, but kept quiet about it.
Anyhow, mistakes happen and that's ok in my book - some communication and transparency from MS would have been appreciated.
I'm curious if it was solved for others as well?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
I found some reports of similar issues and the notes said there was a change that caused the issue, but they rolled back the change yesterday and it should be resolved. Thanks for being diligent about this and apologies for the inconvenience.