I took a guess and added the user used in the script as excluded from our CA policy that blocks access from external IP addresses.
That made the automation script able to connect.
Azure Automation - Connect-AzureAD blocked by Conditional Access
Hello,
My PowerShell script in our Azure Automation account breaks at the very first line:
Connect-AzureAd : One or more errors occurred.: AADSTS53003: Access has been blocked by Conditional Access policies.
The access policy does not allow token issuance.
I'm successfully running scripts here that connect to SharePoint, but connecting to Exchange and AAD fails with the error above.
I investigated the sign-in logs and found nothing of this. Code used to connect is:
$Credentials = Get-AutomationPSCredential -Name 'AzureAutomationUser'
Connect-AzureAd -Credential $Credentials
What to tweak in conditional access to make this work?
-
GonWild 426 Reputation points
2020-09-15T13:38:24.913+00:00
1 additional answer
-
Jon Alfred Smith 541 Reputation points
2020-08-27T19:48:08.62+00:00
Never seen that error. Perhaps the error is due to older PowerShell modules that don't support MFA. For instance, do you use Exchange Online PowerShell V2?
https://video2.skills-academy.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps
If that works, the same might apply to your module AzureAD.
https://www.varonis.com/blog/connect-to-office-365-powershell/
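Added example, not part of any post in this thread: a way to see which Conditional Access policy produced an AADSTS53003 block, so that an exclusion is scoped to that one policy and one account rather than guessed at. It assumes sign-in records exported as JSON with the field names of the Microsoft Graph signIn resource; the function name `Get-BlockingCaPolicy`, the account, the policy names and the IP addresses are constructed for illustration.

```powershell
# Constructed sample: two records shaped like Microsoft Graph signIn objects.
# Only the fields used below are present; every value is made up.
$sampleJson = @'
[
  {
    "createdDateTime": "2020-08-27T18:02:11Z",
    "userPrincipalName": "automation@contoso.example",
    "appDisplayName": "Azure Active Directory PowerShell",
    "ipAddress": "203.0.113.10",
    "status": { "errorCode": 53003 },
    "appliedConditionalAccessPolicies": [
      { "displayName": "Require MFA for admins", "result": "notApplied" },
      { "displayName": "Block external IP addresses", "result": "failure" }
    ]
  },
  {
    "createdDateTime": "2020-08-27T18:05:40Z",
    "userPrincipalName": "automation@contoso.example",
    "appDisplayName": "Office 365 SharePoint Online",
    "ipAddress": "203.0.113.10",
    "status": { "errorCode": 0 },
    "appliedConditionalAccessPolicies": [
      { "displayName": "Block external IP addresses", "result": "notApplied" }
    ]
  }
]
'@

function Get-BlockingCaPolicy {
    # Hypothetical helper: returns one row per sign-in that failed with 53003,
    # naming the policies whose evaluation result was 'failure'.
    param([Parameter(Mandatory)][object[]]$SignIn)
    foreach ($s in $SignIn) {
        if ($s.status.errorCode -ne 53003) { continue }   # keep CA blocks only
        $blocking = @($s.appliedConditionalAccessPolicies |
            Where-Object { $_.result -eq 'failure' })
        [pscustomobject]@{
            Time             = $s.createdDateTime
            User             = $s.userPrincipalName
            App              = $s.appDisplayName
            IpAddress        = $s.ipAddress
            BlockingPolicies = $blocking.displayName -join '; '
        }
    }
}

$signIns = $sampleJson | ConvertFrom-Json
Get-BlockingCaPolicy -SignIn $signIns | Format-List
```

On the sample data this reports a single blocked sign-in for the Azure Active Directory PowerShell app, with "Block external IP addresses" as the blocking policy.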