Troubleshooting Conditional Access Policy enforcement on Microsoft 365 Connection Account

Summary: This article contains step-by-step instructions on troubleshooting Conditional Access Policy (CAP) enforcement on the Microsoft 365 connection account.

Applies to: Cayosoft Administrator 10.x or later

Check if CAPs affect the Microsoft 365 connection account

1. Sign in to the Microsoft Entra admin center as a user with a Global Administrator role assigned.

2. Browse for Identity > Users > All users.

3. Search for the Microsoft 365 connection account used in Cayosoft Administrator.

4. Open its properties and click Sign-in logs.

5. Consider the date and time and the status of the sign-in event (the status should be Failure) select the sign-in event and click on it to open Activity Details.

6. In the Activity Details, click the Conditional Access tab.

7. You will get the list of CAPs and see if they affect the selected account: if they were applied or not applied.

Check if the Microsoft 365 connection account is included in Risky activities

1. Sign in to the Microsoft Entra admin center as a user with a Global Administrator role assigned.

2. Browse for Protection > Risky activities.

3. Check if the account is included in the Risky users or Risky sign-ins.

4. If the account is in the Risky users list you can click Dismiss user(s) risk.

How to download sign-in logs

1. Sign in to the Microsoft Entra admin center as a user with a Global Administrator role assigned.

2. Browse for Identity > Users > All users.

3. Search for the Microsoft 365 connection account used in Cayosoft Administrator.

4. Open its properties and click Sign-in logs.

5. Click the Download tab and select Download JSON.

6. Perform download for each type of sign-in log.