Hi all,
About a week ago, several of our tenant's guest users are encountering the following error and are unable to access our tenant:
Sign-in error code: 530004
Failure reason: AcceptCompliantDevice setting isn't configured for this organization. The admin needs to configure this setting to allow external users access to protected resources.
We have discovered that the affected users have the following device info:
Compliant No
Managed No
But the weird thing is it affects guest users that have "identity issuer: mail", not just "ExternalAD" and "MicrosoftAccount".
How can mail guests have a managed device?
We cannot find any documented change that may be causing this - we would be grateful for any information on the topic.
An update from our org today, too
We have a MS ticket open but has not gotten anywhere.
We are seeing success again for guest users. I can verify it works in our troubleshooting designs as well.
Are there any updates from others that had Microsoft tickets open?
I'm posting this in January 2023 and I'm seeing this same issue others have described:
I've tried completely uninstalling + reinstalling the Teams desktop app on macOS. It didn't help.
I wonder if this could be resolved by the tenant inviting the external users adjusting their cross-tenant B2B inbound trust settings, see https://learn.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims
I'm not able to test that as I'm not an admin in the other tenant, but in any case that would be more of a workaround than a fix. It seems like there is something wrong in the auth flow for external use on macOS for the scenario where the external org requires MFA for external users.
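An offline triage of the two things this thread keeps coming back to, the 530004 failures in the sign-in log and the inbound trust settings for device claims; this is an added example, not code from the thread or from Microsoft, and the tenant IDs, user names and policy values are constructed samples shaped like the corresponding Graph objects.

```python
ERROR_ACCEPT_COMPLIANT_DEVICE = 530004  # sign-in error code quoted in the thread
# Constructed sample of GET /policies/crossTenantAccessPolicy/default (inboundTrust only).
DEFAULT_POLICY = {"inboundTrust": {"isMfaAccepted": False, "isCompliantDeviceAccepted": False,
                                   "isHybridAzureADJoinedDeviceAccepted": False}}
# Constructed sample of GET /policies/crossTenantAccessPolicy/partners;
# inboundTrust None means that partner inherits the default settings.
PARTNER_POLICIES = [
    {"tenantId": "11111111-0000-0000-0000-000000000001",
     "inboundTrust": {"isMfaAccepted": True, "isCompliantDeviceAccepted": True,
                      "isHybridAzureADJoinedDeviceAccepted": False}},
    {"tenantId": "22222222-0000-0000-0000-000000000002", "inboundTrust": None},
]
# Constructed sign-in log entries (auditLogs/signIns shape, trimmed to the fields used).
SIGN_INS = [
    {"userPrincipalName": "ann_partner1.example#EXT#@contoso.example", "userType": "guest",
     "homeTenantId": "11111111-0000-0000-0000-000000000001",
     "status": {"errorCode": 530004}, "deviceDetail": {"isCompliant": False, "isManaged": False}},
    {"userPrincipalName": "bob_partner2.example#EXT#@contoso.example", "userType": "guest",
     "homeTenantId": "22222222-0000-0000-0000-000000000002",
     "status": {"errorCode": 530004}, "deviceDetail": {"isCompliant": False, "isManaged": False}},
    {"userPrincipalName": "cat_mail.example#EXT#@contoso.example", "userType": "guest",
     "homeTenantId": None,  # mail-issuer guest: no home Entra tenant to look up
     "status": {"errorCode": 530004}, "deviceDetail": {"isCompliant": False, "isManaged": False}},
]

def effective_inbound_trust(home_tenant_id, default_policy, partners):
    """Partner-specific inbound trust wins; otherwise the tenant default applies."""
    for partner in partners:
        if partner.get("tenantId") == home_tenant_id and partner.get("inboundTrust"):
            return partner["inboundTrust"]
    return default_policy["inboundTrust"]

def triage(sign_ins, default_policy, partners):
    """One finding per 530004 failure, checked against the effective inbound trust."""
    findings = []
    for entry in sign_ins:
        if (entry.get("status") or {}).get("errorCode") != ERROR_ACCEPT_COMPLIANT_DEVICE:
            continue  # only the failure mode discussed in the thread
        trust = effective_inbound_trust(entry.get("homeTenantId"), default_policy, partners)
        device = entry.get("deviceDetail") or {}
        trusted = bool(trust.get("isCompliantDeviceAccepted"))
        findings.append({
            "user": entry["userPrincipalName"],
            "homeTenantId": entry.get("homeTenantId"),
            "deviceCompliant": bool(device.get("isCompliant")),
            "compliantDeviceTrusted": trusted,
            # Trust absent: the error names that setting. Trust present: config does not explain it.
            "assessment": "escalate: trust configured" if trusted else "inbound trust not configured",
        })
    return findings
```

Run it against a JSON export of your own sign-in logs and policy objects; a 530004 failure from a home tenant whose effective inbound trust already accepts compliant-device claims is the case this thread could not explain by configuration.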
This looks like a conditional access related issue and so I've added the CA tag to this thread. Assuming this is something that just started happening, your best bet is probably to open a support case though. I know we've been expanding CA capabilities into B2C scenarios recently so this could be because of that -- not my deep area of expertise though. See https://learn.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow for details on this.
An update from our end:
We have an open ticket with MS and still cycling through support levels, but have not gotten any solid feedback yet on the issue or the cause.
As of today - 7 days after the first incident - the problem just stopped and everything seems to be back to normal.
It seems that there was a blunder in the background, but it was kept quiet.
Anyhow, mistakes happen and that's ok in my book - some communication and transparency from MS would have been appreciated.
I'm curious if it was solved for others as well?