TeamsFixer
AADSTS53003 Severity: High

Access blocked by Conditional Access

A Conditional Access policy explicitly denies the sign-in. Unlike 0xCAA20004, this error states the exact block reason.

Affected systems

Windows, macOS, iOS, Android, Web

Symptoms

  • AADSTS53003 after sign-in attempt
  • Message 'Access has been blocked by Conditional Access policies'
  • Often on personal or unknown devices

Possible causes

  • Location outside allowed regions
  • Device not compliant or not managed
  • App not allowed on mobile/desktop
  • Sign-in risk too high (risk-based access)

Solutions

1. Capture the correlation ID

  1. The error page shows a 'Correlation ID'.

  2. Note the ID and the timestamp of the attempt.

  3. Send both to IT so they can trace the block in the sign-in logs.

2. Try on a compliant device

  1. If you have a company laptop, try there.

  2. If that works, it is definitely a device rule.

3. Toggle VPN

  1. Some tenants explicitly require corporate VPN.

  2. Others block VPN subnets with unknown geo-IP.

  3. Try both and tell IT which one worked.

AADSTS53003 is deliberate - IT does not want to allow this access. Do not try to bypass the rule. Instead, explain to IT why you need access.
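
What IT can do with the correlation ID from solution 1, as an added example that is not part of the original page: the function below searches a JSON export of the sign-in logs for that ID and reports which Conditional Access policies failed, plus the location, device and risk context listed under possible causes. Field names follow the Microsoft Graph signIn resource; the function name, the sample records and all their values are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph signIn records (JSON export of
# the sign-in logs). Every value below is made up for illustration.
SAMPLE_EXPORT = json.loads("""[
 {"correlationId": "11111111-1111-1111-1111-111111111111", "createdDateTime": "2024-01-01T09:15:02Z",
  "appDisplayName": "Microsoft Teams", "status": {"errorCode": 53003},
  "riskLevelDuringSignIn": "none", "location": {"countryOrRegion": "DE"},
  "deviceDetail": {"isCompliant": false, "isManaged": false},
  "appliedConditionalAccessPolicies": [
   {"displayName": "Example: require compliant device", "result": "failure",
    "enforcedGrantControls": ["RequireCompliantDevice"]},
   {"displayName": "Example: block risky sign-ins", "result": "notApplied",
    "enforcedGrantControls": ["Block"]}]},
 {"correlationId": "11111111-1111-1111-1111-111111111111", "createdDateTime": "2024-01-01T09:14:58Z",
  "status": {"errorCode": 0}, "appliedConditionalAccessPolicies": []}
]""")


def trace_block(records, correlation_id):
    """Return one summary per AADSTS53003 event carrying this correlation ID."""
    wanted = correlation_id.strip().lower()  # IDs get pasted with stray case/space
    findings = []
    for rec in records:
        if (rec.get("correlationId") or "").lower() != wanted:
            continue
        if (rec.get("status") or {}).get("errorCode") != 53003:
            continue  # one correlation ID can span several sign-in events
        device = rec.get("deviceDetail") or {}
        findings.append({
            "time": rec.get("createdDateTime"),
            "app": rec.get("appDisplayName"),
            # Only policies whose result is "failure" caused the block.
            "blocking_policies": [
                (p.get("displayName"), p.get("enforcedGrantControls", []))
                for p in rec.get("appliedConditionalAccessPolicies") or []
                if p.get("result") == "failure"],
            # Context for the possible causes: location, device state, risk.
            "country": (rec.get("location") or {}).get("countryOrRegion"),
            "device_compliant": device.get("isCompliant"),
            "device_managed": device.get("isManaged"),
            "risk": rec.get("riskLevelDuringSignIn"),
        })
    return findings


if __name__ == "__main__":
    for hit in trace_block(SAMPLE_EXPORT, " 11111111-1111-1111-1111-111111111111 "):
        print(json.dumps(hit, indent=2))
```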
