Conditional Access policy is blocking a user from signing in
A security policy (Conditional Access) is blocking the sign-in because something doesn't match what the policy requires. It is your device, location, or sign-in method. Have the user try signing in from a different device first, or using a different network, to see if that works. If it does, the policy has a rule that's being triggered.
Conditional Access is a security system that checks whether a sign-in is allowed based on rules. It looks at things like what device is being used, where the person is signing in from, and whether your device has the right security settings. If something doesn't match the rules, the sign-in gets blocked to protect company data. Sometimes the policy is too strict, or the user's device isn't compliant with the requirements.
Fix-IT-Bot will walk you through each step — just tap, no typing needed.
Skip — I just want a technicianCommon mistakes to avoid
- Assuming the policy is broken and asking IT to turn it off completely. The policy exists for security. Better to create a safe exception for that user.
- Not noting down the exact error message. IT needs it to know which specific policy rule is triggering
- Trying to sign in over and over from the same blocked device without fixing the underlying issue
Signs you need professional help
- The user has enrolled their device, updated Windows/macOS, and set up MFA, but they're still blocked The error message specifically mentions location or an exception is needed Multiple users in the office are getting blocked by the same policy
Book a technician
We can fix most issues remotely in 15 minutes. Weekend appointments — book your slot and we handle the rest.
Was this guide helpful?
Can't fix it yourself?
Most issues are resolved remotely in 15 minutes. Weekend appointments only — no parts, no in-home visit needed.