DeviceState Unregistered for Entra ID joined device

Manish Chaudhary 6 Reputation points
2024-04-10T18:15:41.02+00:00

Trying to implement a conditional access policy to only allow high-risk targets, like executives, to access from a TrustedDevice, and otherwise block access. However, I am finding that when they are on an Entra joined Windows laptop, they get Error Code: 53003, DeviceState shows as Unregistered, and yet the device is compliant and healthy in Intune. dsregcmd /status shows everything is good: AzureAdJoined YES, AzurePrt YES, etc.

My intention is that if users are coming from an Entra hybrid joined, Entra joined, or Entra registered device, or a corporate-owned cellphone, they are allowed access to 'All cloud apps'.

I'm using this filter to exclude devices from being blocked if they are coming from a trusted device, so that they have access to all cloud apps, with the expression filter: (device.trustType -eq "AzureAD" -or device.trustType -eq "ServerAD" -or device.trustType -eq "Workplace" -or device.deviceOwnership -eq "Company" -or device.isCompliant -eq True)
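
Added example, not part of the original thread: a Microsoft Graph PowerShell check that pulls the user's 53003 sign-ins together with the device context the token actually carried, then compares that with the directory's device object, which is what the device filter above evaluates. The UPN, device name and Graph scopes are assumptions; the rule function mirrors the thread's filter expression.

```powershell
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller has
# AuditLog.Read.All and Directory.Read.All. UPN and device name are placeholders.
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All" -NoWelcome

$upn        = "exec.user@contoso.example"   # placeholder user
$deviceName = "EXEC-LAPTOP-01"              # placeholder device display name

# 1. Recent 53003 failures for the user: what device identity did the sign-in carry,
#    and which Conditional Access policy reported the failure?
$failed = Get-MgAuditLogSignIn -Top 10 `
    -Filter "userPrincipalName eq '$upn' and status/errorCode eq 53003"
foreach ($s in $failed) {
    $d = $s.DeviceDetail
    [pscustomobject]@{
        Time      = $s.CreatedDateTime
        App       = $s.AppDisplayName
        # An empty DeviceId means the request carried no device identity at all
        # (for example a browser session without the PRT/SSO), so no device filter can match,
        # no matter what dsregcmd /status reports on the machine itself.
        DeviceId  = $d.DeviceId
        TrustType = $d.TrustType
        Compliant = $d.IsCompliant
        Managed   = $d.IsManaged
        Policies  = ($s.AppliedConditionalAccessPolicies |
                     Where-Object Result -eq 'failure' |
                     ForEach-Object DisplayName) -join '; '
    }
}

# 2. The directory's own view of the device: these are the attributes the filter reads.
$dev = Get-MgDevice -Filter "displayName eq '$deviceName'" `
    -Property id,displayName,deviceId,trustType,isCompliant,isManaged,deviceOwnership,profileType
$dev | Select-Object DisplayName, DeviceId, TrustType, IsCompliant, IsManaged, DeviceOwnership, ProfileType

# 3. Evaluate the thread's filter rule locally against the directory object.
#    Graph returns trustType as AzureAd / ServerAd / Workplace; -in compares case-insensitively.
function Test-TrustedDeviceRule {
    param($Device)
    return ($Device.TrustType -in @('AzureAd','ServerAd','Workplace')) -or
           ($Device.DeviceOwnership -eq 'Company') -or
           ($Device.IsCompliant -eq $true)
}
"Directory object matches filter: $(Test-TrustedDeviceRule $dev)"
```

If step 3 returns True but step 1 shows an empty DeviceId on the failing sign-ins, the gap is in how the device identity reaches the sign-in, not in the filter or the device's Intune compliance.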


1 answer

  1. ZhoumingDuan-MSFT 7,980 Reputation points Microsoft Vendor
    2024-04-11T05:37:40.5666667+00:00

    @Manish Chaudhary, thanks for posting in Q&A.

    For the Conditional Access error 53003, it means BlockedByConditionalAccess. Please check the user's sign-in logs, which are located in Intune admin center > Devices > Conditional access > Sign-in logs, and see which setting is blocking.

    Here is a link about how to troubleshoot Conditional Access policy problems:

    Troubleshooting sign-in problems with Conditional Access - Microsoft Entra | Microsoft Learn

    I notice the device is compliant in Intune. Please also check the compliance status of the affected device in Azure AD.

    Moreover, to achieve your goal, we can create a new filter for devices including Entra hybrid joined, Entra joined, Entra registered, and corporate-owned devices, then create a new Conditional Access policy to block all cloud apps and add the filter to exclude the above devices.

    Please try the above information; if anything is unclear, feel free to let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
