Failed to acquire token

Neha Gautam (Accenture International Limited) 0 Reputation points Microsoft External Staff
2026-02-11T11:29:45.5933333+00:00

I am getting this error while consuming any Azure service from Visual Studio:

MsalClaimsChallengeException: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 143d49fc-ee8c-41fa-adaa-1d0091c02600 Correlation ID: c50fd126-<removed PII> Timestamp: 2026-02-11 10:58:53Z The returned error contains a claims challenge. For additional info on how to handle claims related to multifactor authentication, Conditional Access, and incremental consent, see https://aka.ms/msal-conditional-access-claims. If you are using the On-Behalf-Of flow, see https://aka.ms/msal-conditional-access-claims-obo for details.

Developer technologies | Visual Studio | Setup

2 answers

  1. Adiba Khan 2,265 Reputation points Microsoft External Staff
    2026-02-12T07:01:24.6633333+00:00

    Thank you for sharing the detailed error information. This is not a Visual Studio defect but a policy enforcement from Microsoft Entra ID (Azure AD).

    Recommended Steps:

    1. Verify Conditional Access Requirements: Please check with your Tenant Administrator to confirm:
      1. Whether MFA is required for the application.
      2. Whether compliant or hybrid Azure AD joined devices are required.
      3. Whether specific client app conditions (e.g., browser vs. modern authentication client) are enforced.
      4. Whether location-based restrictions are applied.

      The Trace ID and Correlation ID from your error can help the admin locate the exact policy blocking the request in Entra ID -> Sign-in logs.
    2. Re-authenticate in Visual Studio: Sometimes this occurs due to stale tokens.
      1. Sign out from Visual Studio: File -> Account Settings -> Sign out
      2. Close Visual Studio completely
      3. Reopen and sign in again
      4. Ensure MFA is completed if prompted
    3. Clear Local Token Cache (if issue persists): Close Visual Studio and delete the following folder:
         %LOCALAPPDATA%\.IdentityService

      Then reopen Visual Studio and sign in again.
    4. Device Compliance Check: If your organization enforces device compliance:
      1. Ensure the device is Azure AD joined or Hybrid joined (if required)
      2. Confirm the device is marked Compliant in Intune (if MDM is used)

      You can check this under: Settings -> Accounts -> Access work or school

    Most common root cause:

    In enterprise environments (especially Accenture-managed tenants), this is typically due to:

    • A newly enforced Conditional Access Policy
    • MFA enforcement for developer tools
    • Non-compliant or unmanaged device

    Please let us know if you require any further assistance; we’re happy to help. If you found this information useful, kindly mark this as "Accept Answer".
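
The lookup the answer above describes (using the IDs from the error to find the blocking policy in the sign-in logs), as an added example that is not part of the original thread. It assumes sign-in records exported with Microsoft Graph signIn field names (`correlationId`, `appliedConditionalAccessPolicies`, `result`); the function names are hypothetical and all sample IDs and policy names are constructed.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

def parse_aadsts(message):
    """Extract the fields an admin searches the sign-in logs with."""
    def grab(pattern):
        m = re.search(pattern, message)
        return m.group(1) if m else None
    return {
        "code": grab(r"AADSTS(\d+)"),
        "trace_id": grab(rf"Trace ID:\s*({GUID})"),
        # Stays None when the ID was redacted or truncated in the report.
        "correlation_id": grab(rf"Correlation ID:\s*({GUID})"),
        "timestamp": grab(r"Timestamp:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ)"),
    }

def blocking_policies(error, sign_ins):
    """List (policy name, grant controls) for each policy whose result is
    'failure' in sign-in records that share the error's correlation ID."""
    wanted = (error["correlation_id"] or "").lower()
    hits = []
    for rec in sign_ins:
        if not wanted or rec.get("correlationId", "").lower() != wanted:
            continue
        for pol in rec.get("appliedConditionalAccessPolicies", []):
            if pol.get("result") == "failure":
                hits.append((pol["displayName"], pol.get("enforcedGrantControls", [])))
    return hits

# Constructed error text in the format shown in the question; IDs are made up.
SAMPLE_ERROR = (
    "AADSTS53003: Access has been blocked by Conditional Access policies. "
    "Trace ID: 11111111-2222-3333-4444-555555555555 "
    "Correlation ID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee Timestamp: 2026-01-01 09:00:00Z"
)

# Constructed records; policy names and control values are placeholders.
SAMPLE_SIGN_INS = [
    {"correlationId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "appliedConditionalAccessPolicies": [
        {"displayName": "Require MFA (constructed)", "result": "success", "enforcedGrantControls": ["Mfa"]},
        {"displayName": "Require compliant device (constructed)", "result": "failure", "enforcedGrantControls": ["RequireCompliantDevice"]},
        {"displayName": "Block legacy clients (constructed)", "result": "notApplied", "enforcedGrantControls": ["Block"]},
    ]},
    {"correlationId": "99999999-0000-0000-0000-000000000000", "appliedConditionalAccessPolicies": [
        {"displayName": "Unrelated sign-in (constructed)", "result": "failure", "enforcedGrantControls": ["Block"]}]},
]

if __name__ == "__main__":
    print(blocking_policies(parse_aadsts(SAMPLE_ERROR), SAMPLE_SIGN_INS))
```

An error pasted with a redacted Correlation ID, as in the question, parses to `correlation_id = None` and matches nothing, so the admin needs the full ID from the original error dialog.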


  2. Q&A Assist
    2026-02-11T11:29:56.82+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The error you're encountering, MsalClaimsChallengeException: AADSTS53003, indicates that access to the Azure service has been blocked by Conditional Access policies. This typically occurs when the policies require certain conditions to be met before allowing token issuance, such as Multi-Factor Authentication (MFA) or device compliance.

    To resolve this issue, you can follow these steps:

    1. Interactive Token Acquisition: Since the error indicates a claims challenge, you should interactively acquire a token using MSAL. This will prompt the user to satisfy the required Conditional Access policy. You can use methods like acquireTokenPopup or acquireTokenRedirect depending on your application type.
    2. Check Conditional Access Policies: Review the Conditional Access policies configured in your Azure Active Directory. Ensure that the policies are set up correctly and that the user meets the necessary requirements (e.g., using a compliant device).
    3. Claims Handling: If you are using the On-Behalf-Of flow, ensure that you are passing the required claims in your token request to satisfy the policy.

    For more details on handling claims challenges related to Conditional Access, you can refer to the documentation provided by Microsoft.

