![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 92%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
@James Murphy I hope you are doing well,
You are a guest User in another tenant.
- The admin you're working with does not have the right Azure AD role to view or modify Conditional Access policies.
- They might be a Global Reader, User Administrator, or a role with no Conditional Access permissions.
- Error 53003 is triggered when:
- The policy blocks your device (e.g., because it’s Unregistered, as your log shows).
- The policy blocks non-compliant devices or untrusted locations.
- The policy requires MFA or hybrid join, and you don’t meet the requirement. In Azure AD, Conditional Access and Sign-in logs require specific roles:
Conditional Access policies → Need Security Administrator, Conditional Access Administrator, or Global Administrator.
Sign-in logs → Need Reports Reader, Security Reader, or Global Administrator.
If they don’t have one of these, the blades will be greyed out.
Please review and make sure the admin has required specific roles
😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!