Low severityauthentication
Power BI Error:
AADSTS53010
What does this error mean?
User cannot register or update MFA methods because Conditional Access requires registration from a trusted location or compliant device.
Common causes
- 1A Conditional Access policy targeting the 'Register security information' user action requires a trusted/named location, and the user is signing in from outside it
- 2The policy requires a compliant or Hybrid Azure AD/Entra joined device, and the current device is unmanaged or non-compliant
- 3The user has no existing MFA method registered and is being forced through proof-up while not meeting the location/device grant controls
- 4Authentication Context (ACR) requirements on the security-info registration flow are not satisfied by the current session
- 5The user is attempting MFA registration via a third-party identity broker or VPN that masks the trusted IP range
How to fix it
- 1Connect from a trusted location: move to the corporate network, an approved VPN exit IP, or an office Wi-Fi listed under Entra ID > Security > Named locations, then retry security info registration at aka.ms/mysecurityinfo
- 2Use a compliant or Hybrid-joined device: sign in from a corporate-managed laptop that meets Intune compliance, instead of a personal/BYOD device
- 3Ask an administrator to issue a Temporary Access Pass (Entra admin center > Users > Authentication methods > Temporary Access Pass) so you can complete MFA registration without satisfying the location/device control
- 4Have the Conditional Access admin review the policy under Entra ID > Protection > Conditional Access targeting the 'Register security information' user action — temporarily exclude the user, or relax the grant control if business policy allows
- 5If migrating from per-user MFA to Conditional Access, verify the user is in scope of the converged registration policy and not blocked by a stale legacy MFA registration policy