CloudBlue knowledgebase (KB) http://www.fishighalat.com/ CloudBlue knowledgebase (KB) en Copyright 2018 CloudBlue Wed, 10 Sep 2008 00:00:00 +0600 Wed, 10 Sep 2008 00:00:00 +0600 <![CDATA[Office 365: "Blocked by conditional access"]]> http://www.fishighalat.com/en/133813 Symptoms

In attempt to retrieve Office 365 GRAPH API token for synchronization or readCSPAccounts.py script the following error appears:

Error: AADSTS53003: Blocked by conditional access.

Cause

Conditional Access feature is enabled for the end customer account in Azure Active Directory. Request #APSA-21007 for documentation improvment was submitted to our Developers.

Resolution

  1. In order to resolve the issue, it is required to exclude users with Global Administrator role from the existing blocking rules:

    Conditional access in Azure Active Directory can be managed by the following way:

    Conditional Access - Policies > Policy1 > Users and Groups > Directory roles tick > Exclude or do not include "Global Administrator" role.
    

    Additional information regarding conditional access can be found by link .

    There is a feature request #APSA-20120 "Improve subscriptions management with revoked DAP" which is aimed to give customized access to customers with advanced security policies.

  2. In case of restriction policy for location is configured, it is required to generate token for the instance from the location where vendor's customers are placed. In other words, refresh token bound to location where it was generated.

Please use the aforementioned IDs to follow up status of the request with your Technical Account Manager

]]>
46806 LastUpdated: 2019-04-18 10:56:35 07 Mar 2019 04:51:26 GMT
网赌被黑不给出款怎么办