Azure Automation - Connect-AzureAD blocked by Conditional Access

GonWild 426 Reputation points
2020-08-27T07:01:56.783+00:00

Hello,
My PowerShell script in our Azure Automation account breaks at the very first line:

Connect-AzureAd : One or more errors occurred.: AADSTS53003: Access has been blocked by Conditional Access policies.
The access policy does not allow token issuance.

I'm successfully running scripts here that connect to Sharepoint, but connecting to Exchange and AAD fails with the error above.
I investigated the sign-in logs and found nothing of this. Code used to connect is:

$Credentials = Get-AutomationPSCredential -Name 'AzureAutomationUser'
Connect-AzureAd -Credential $Credentials

What to tweak in conditional access to make this work?


Accepted answer
  1. GonWild 426 Reputation points
    2020-09-15T13:38:24.913+00:00

    I took a guess and added the user used in the script as excluded from our CA policy that blocks access from external IP addresses.
    That made the automation script able to connect.

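    A way to verify both sides of this from the admin console, as an added example that is not part of the original thread: it uses the Microsoft Graph PowerShell SDK (not the AzureAD module from the question) to pull the AADSTS53003 sign-ins for the runbook account and then to report which enabled block-all-locations policies exclude that account, the change the accepted answer made. The UPN is a placeholder.

```powershell
# Added diagnostic example (not from the original post). Assumes the Microsoft.Graph
# PowerShell SDK is installed and that $AutomationUpn is the UPN of the credential the
# runbook uses (placeholder value below).
$AutomationUpn = 'automation-user@contoso.example'   # placeholder, replace with your account

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All', 'Policy.Read.All'

# 1. List the blocked sign-ins (AADSTS53003) and the CA policy that produced each one.
#    The question reported "nothing" in the sign-in logs; filtering on the error code
#    and the account avoids missing them among interactive sign-ins.
$blocked = Get-MgAuditLogSignIn -Top 25 `
    -Filter "userPrincipalName eq '$AutomationUpn' and status/errorCode eq 53003"

foreach ($s in $blocked) {
    $hit = $s.AppliedConditionalAccessPolicies | Where-Object Result -eq 'failure'
    [pscustomobject]@{
        Time     = $s.CreatedDateTime
        App      = $s.AppDisplayName        # e.g. the Azure AD or Exchange endpoint
        SourceIp = $s.IPAddress             # the Automation sandbox egress address
        Policy   = ($hit.DisplayName -join '; ')
    }
}

# 2. For every enabled policy that blocks from all locations, report whether the
#    automation account sits in its user exclusion list.
$userId = (Get-MgUser -UserId $AutomationUpn -Property Id).Id
Get-MgIdentityConditionalAccessPolicy |
    Where-Object {
        $_.State -eq 'enabled' -and
        $_.GrantControls.BuiltInControls -contains 'block' -and
        $_.Conditions.Locations.IncludeLocations -contains 'All'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Policy       = $_.DisplayName
            TrustedExcl  = ($_.Conditions.Locations.ExcludeLocations -join ',')
            UserExcluded = $_.Conditions.Users.ExcludeUsers -contains $userId
        }
    }
```

    The UserExcluded column shows the per-user exemption the accepted answer relied on; because it removes the account from the external-IP block entirely, review it the way you would any other CA exclusion.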

1 additional answer

  1. Jon Alfred Smith 541 Reputation points
    2020-08-27T19:48:08.62+00:00

    Never seen that error. Perhaps the error is due to older PowerShell modules that don't support MFA. For instance do you use Exchange Online PowerShell V2?
    https://video2.skills-academy.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps

    If that works, the same might apply to your AzureAD module
    https://www.varonis.com/blog/connect-to-office-365-powershell/