OneDrive no Access.... which CA blocks access

Copper Contributor

For a user, he gets OneDrive access denied message Rajtoor_1-1660746376921.png

 

and in AAD signin logs for OneDrive SyncEngine I see below

Rajtoor_0-1660746133519.png

 

But if I check on the Conditional Access tab, it does not show which CA blocked it. It does not even list any CA's there. While logs for other apps show which CA was applied or not

3 Replies

@Rajtoor 

 

You can try "What if" feature to find the CA policy that blocks access to resources.

The Conditional Access What If tool - Azure Active Directory - Microsoft Entra | Microsoft Docs

@mikhalif I checked with whatif and it points to policy which blocks legacy apps. But OneDrive SyncEngine is not legacy and under the client app it states as unknown.
Does the user get an MFA prompt when he tries to sign in with his credentials? It looks like OneDrive tries to authenticate with legacy authentication instead of Modern Authentication. You could also temporarily add the user to the exclusion and check the behavior.