Policy: [APIONLY] All Apps - All Guests - Block App Access to Guests without AdminConsent.

Question

Policy: [APIONLY] All Apps - All Guests - Block App Access to Guests without AdminConsent.

Ivan Zhao 0 Microsoft External Staff

We received a 53003 error code when ******@jeffreym.com tried to log in to https://cmmoments.azurewebsites.net.

Conditional Access Policy details

Policy: [APIONLY] All Apps - All Guests - Block App Access to Guests without AdminConsent

Raja Pothuraju 29,330 Reputation points Microsoft External Staff Moderator

2025-08-11T20:07:22.5766667+00:00

Hello Ivan Zhao,

The error 53003 occurs when a login attempt is blocked by a Conditional Access policy. I recommend checking the Microsoft Entra sign-in logs to identify which tenant’s Conditional Access policy is blocking access to the resource.

When a user encounters a 53003 error while signing into an application, ask them to provide the Correlation ID shown under the error message after clicking "More Info." Then, go to your Entra sign-in logs, filter by the provided Correlation ID, and review the entry. If the log appears in your tenant, it means that a Conditional Access policy in your tenant is being applied to the sign-in and access is being blocked because the user does not meet the required conditions of the policy.

In this case, it appears that the Azure website the user is trying to access is hosted in the Microsoft tenant. As a result, the Microsoft tenant’s Conditional Access policy is being applied. This policy likely requires the sign-in to originate from a trusted location and trusted device to meet compliance requirements.

Please review the applied Conditional Access policy and adjust it accordingly.

I have sent a message over team's as well. Please check and let me know if you need any additional details on this.

1 answer

Your answer

Raja Pothuraju 29,330 Reputation points Microsoft External Staff Moderator

2025-08-11T20:07:22.5766667+00:00

Hello Ivan Zhao,

The error 53003 occurs when a login attempt is blocked by a Conditional Access policy. I recommend checking the Microsoft Entra sign-in logs to identify which tenant’s Conditional Access policy is blocking access to the resource.

When a user encounters a 53003 error while signing into an application, ask them to provide the Correlation ID shown under the error message after clicking "More Info." Then, go to your Entra sign-in logs, filter by the provided Correlation ID, and review the entry. If the log appears in your tenant, it means that a Conditional Access policy in your tenant is being applied to the sign-in and access is being blocked because the user does not meet the required conditions of the policy.

In this case, it appears that the Azure website the user is trying to access is hosted in the Microsoft tenant. As a result, the Microsoft tenant’s Conditional Access policy is being applied. This policy likely requires the sign-in to originate from a trusted location and trusted device to meet compliance requirements.

Please review the applied Conditional Access policy and adjust it accordingly.

I have sent a message over team's as well. Please check and let me know if you need any additional details on this.

Answer 1

Thanks for posting your question in the Microsoft Q&A forum.

Error 53003 means Azure Conditional Access blocked the user because they didn’t meet the policy rules—in this case, a policy blocking all guest users from app access unless an admin has given explicit consent. The login itself worked, but no access token was issued. To fix it, an Azure AD admin needs to grant the guest user admin consent or change the policy settings.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

Share via

Policy: [APIONLY] All Apps - All Guests - Block App Access to Guests without AdminConsent.

1 answer

Your answer