Forum Discussion

MarLog
Copper Contributor
Dec 11, 2024

Issue with SharePoint and Teams access

Hello everyone, 

I have the following question.

My device is currently involved in two different tenants (my main work and a customer environment).

When I try to log in to the Azure portal or DevOps, I have no issue with access.

When I try to open the customer's SharePoint page, or use Teams with the account registered in the customer environment, I experience an authentication issue.

Firstly, I get a window stating "Tenant Name requires you to secure this device before you can access email, files and data. If you go to other apps or sites, they may recognize that you are signed in. You can enroll your device with...". When I continue, I get another error with error code 530003. Device platform: macOS. Device state: unregistered.

 

Thanks in advance for your assistance!

  • WelkasWorld
    Brass Contributor

    Hi,

    This error indicates that you are blocked by a Conditional Access policy/policies that may require an Entra joined/compliant device in the customer's environment. If you ask them to check your sign-in logs in Entra ID and have a look at the 'Conditional Access' tab within your sign-in log, they should be able to see which policy/policies is/are blocking you and should be able to put exclusions in place to accommodate the necessary level of access.

    Hope this helps. 

  • Ankido
    Iron Contributor

    Hello MarLog

    The sign-in error code 53003 means that Conditional Access policies set by the organization managing the resource (likely your organization) are blocking the external user from accessing the workspace. These policies can apply to external users if configured that way. A common misunderstanding is that Conditional Access policies only impact internal users, but they can also enforce requirements on external users accessing resources.

    Here’s how to address this issue:

    1. Review Conditional Access Policies:
      Check your organization's Conditional Access policies in Azure Active Directory (or similar service) to identify if any restrictions are causing the issue. Common criteria include:
      • Location: Access may be limited to certain IP ranges or geographic regions.
      • Device compliance: Policies might require devices to be domain-joined or meet specific security standards.
      • Approved apps: Access could be restricted to specific browsers or applications.
    2. Adjust Policies If Necessary:
      If a policy is identified as the cause, consider:
      • Adding an exception for the external user or their organization.
      • Temporarily relaxing restrictions to allow access.
    3. Coordinate with the External User’s IT Team:
      If the issue is on their side, collaborate with the external user’s IT department to ensure their setup meets your Conditional Access requirements.
    4. I recommend checking the Microsoft Entra Sign-in logs to determine which tenant’s Conditional Access policy is blocking access to the resources.

    If you find this helpful, please "Accept Answer" and consider upvoting. Feel free to leave additional questions by clicking "Comment."
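    Both replies above point to the Entra sign-in log and its 'Conditional Access' tab as the place to find the blocking policy. The script below is an added example, not code from the thread or from Microsoft: it triages sign-in records in the shape of the Microsoft Graph `signIn` resource (as returned by `GET /auditLogs/signIns?$filter=status/errorCode eq 53003`), lists the policies whose result is "failure" together with the grant control they enforce, and shows which tenant owns the policy and what the device state was. The tenant IDs, policy names and records are constructed samples.

```python
"""Triage Entra ID sign-in records for error 53003 (blocked by Conditional Access).
Records follow the Microsoft Graph ``signIn`` shape; all values below are constructed samples."""
BLOCKED_BY_CA = 53003
HOME, CUSTOMER = "11111111-0000-4000-8000-000000000001", "22222222-0000-4000-8000-000000000002"

SAMPLE_SIGNINS = [  # constructed: one blocked Teams sign-in and one successful Azure portal sign-in
    {
        "appDisplayName": "Microsoft Teams", "homeTenantId": HOME, "resourceTenantId": CUSTOMER,
        "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access policies."},
        "deviceDetail": {"operatingSystem": "MacOs", "trustType": "", "isCompliant": False, "isManaged": False},
        "appliedConditionalAccessPolicies": [
            {"displayName": "Require compliant device for M365", "result": "failure",
             "enforcedGrantControls": ["RequireCompliantDevice"]},
            {"displayName": "Require MFA for guests", "result": "success", "enforcedGrantControls": ["Mfa"]},
        ],
    },
    {
        "appDisplayName": "Azure Portal", "homeTenantId": HOME, "resourceTenantId": CUSTOMER,
        "status": {"errorCode": 0, "failureReason": ""},
        "deviceDetail": {"operatingSystem": "MacOs", "trustType": "", "isCompliant": False, "isManaged": False},
        "appliedConditionalAccessPolicies": [
            {"displayName": "Require MFA for guests", "result": "success", "enforcedGrantControls": ["Mfa"]},
        ],
    },
]


def blocking_policies(signin):
    """Policies with result 'failure': the entries the Conditional Access tab shows as blocking."""
    return [(p["displayName"], p.get("enforcedGrantControls", []))
            for p in signin.get("appliedConditionalAccessPolicies", [])
            if p.get("result") == "failure"]


def triage(signins):
    """For each 53003 sign-in: which tenant's policy blocked it, on what grant control, and the device state."""
    findings = []
    for s in signins:
        if s["status"]["errorCode"] != BLOCKED_BY_CA:
            continue
        dev = s.get("deviceDetail", {})
        findings.append({
            "app": s["appDisplayName"],
            # CA is evaluated by the resource tenant, so only its admins can add the exclusion
            "policy_owner": s["resourceTenantId"], "cross_tenant": s["homeTenantId"] != s["resourceTenantId"],
            "blocking": blocking_policies(s),
            # an empty trustType is what the portal shows as 'unregistered'
            "device_registered": bool(dev.get("trustType")), "device_compliant": bool(dev.get("isCompliant")),
        })
    return findings


print(triage(SAMPLE_SIGNINS))
```

    Run against a real export, the output tells the customer's admin which policy to exclude the account or device from, and tells the user whether registering or enrolling the Mac would satisfy it instead.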
