Hey everyone! I have a user set up with multi-factor authentication (MFA), including push notifications, but they're still being blocked from accessing a specific resource. Any thoughts on what might be going wrong?
3 Answers
Definitely check the sign-in logs. Identify which Conditional Access policies are being triggered or blocking access. It would help if you could provide a JSON snippet or screenshots of the policy for further insight. It seems like a configuration issue might be at play, but we need to pinpoint where exactly!
You might be running into an interruption due to a Conditional Access Policy, which forces device authentication. The sign-in error 50097 usually indicates that this is not a typical failure but shows that device authentication is being triggered. The user does have MFA set up, so confirming the details of the Conditional Access policy in the log could clarify what's going on.
Your user might be facing an issue where their MFA setup doesn't meet the requirements set by the Conditional Access policy for that resource. It could be worth checking the Azure AD sign-in logs to see why access is denied. Make sure that the registered authentication methods align with the policy needs, and that their device is compliant and accessed from a trusted location. Also, look out for potential device issues or expired tokens that might require the user to sign in again.
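The sign-in log check the answers recommend, as an added example that is not part of any answer above: a Python sketch that reads exported sign-in records and separates the Conditional Access policies the user satisfied from the ones that failed, which is how a passed MFA requirement alongside a failed device requirement (as with error 50097) shows up. It assumes the JSON follows the Microsoft Graph signIn shape (`status.errorCode`, `appliedConditionalAccessPolicies[].result`); the sample records, policy names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records, as found in a
# sign-in log JSON export. Field names follow that resource; values are invented.
SAMPLE = json.loads("""[
 {"userPrincipalName": "user@example.com", "appDisplayName": "Example Resource",
  "status": {"errorCode": 50097, "failureReason": "Device authentication is required."},
  "appliedConditionalAccessPolicies": [
   {"displayName": "Require MFA", "result": "success",
    "enforcedGrantControls": ["Require multifactor authentication"]},
   {"displayName": "Require compliant device", "result": "failure",
    "enforcedGrantControls": ["Require compliant device"]},
   {"displayName": "Trusted locations only", "result": "reportOnlyFailure",
    "enforcedGrantControls": ["Block"]},
   {"displayName": "Block legacy auth", "result": "notApplied",
    "enforcedGrantControls": ["Block"]}]},
 {"userPrincipalName": "user@example.com", "appDisplayName": "Other App",
  "status": {"errorCode": 0}, "appliedConditionalAccessPolicies": []}
]""")


def explain_sign_in(event):
    """Split the policies evaluated for one sign-in by their result."""
    status = event.get("status") or {}
    groups = {"failed": [], "satisfied": [], "report_only_failed": []}
    for policy in event.get("appliedConditionalAccessPolicies") or []:
        entry = (policy.get("displayName"), policy.get("enforcedGrantControls") or [])
        result = policy.get("result")
        if result == "failure":
            groups["failed"].append(entry)          # enforced and not met
        elif result == "success":
            groups["satisfied"].append(entry)       # enforced and met
        elif result == "reportOnlyFailure":
            groups["report_only_failed"].append(entry)  # would fail once enabled
    return {"user": event.get("userPrincipalName"), "app": event.get("appDisplayName"),
            "error_code": status.get("errorCode"),
            "failure_reason": status.get("failureReason"), **groups}


def unsuccessful_sign_ins(events):
    """Keep only sign-ins whose status.errorCode is non-zero (0 means success)."""
    return [explain_sign_in(e) for e in events
            if (e.get("status") or {}).get("errorCode", 0) != 0]


if __name__ == "__main__":
    for row in unsuccessful_sign_ins(SAMPLE):
        print(json.dumps(row, indent=2))
```

A policy listed under `failed` names the grant control the user did not meet; entries under `report_only_failed` are not blocking today but would be if that policy were switched from report-only to on.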