Conditional access policies can block partner accounts and apps from accessing the customer tenant. If you have a restrictive conditional access policy on a customer tenant, you need to ensure you have excluded the service providers or the service principal.
You can read about Microsoft's recommendations for CA policies and GDAP here: GDAP frequently asked questions - Partner Center | Microsoft Learn
Recommendations
Your Partner Tenant
- Have a conditional access policy that applies to the service account you are using for Sync 365.
- Enforce multi-factor authentication
- DO NOT have any trusted locations (The Microsoft Partner Center will block connections where MFA has not been used)
Customer Tenants
Exclude service provider users from ALL conditional access policies
- Log into conditional access policies in the customer tenant
- For each policy add an exclusion to "Users and Groups"
- Select: Guest or external users > Service provider users > Enter your partner tenant ID.
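To confirm the exclusion above is present on every policy, the following added example (not part of the original article or of Sync 365) audits a policy export shaped like the Microsoft Graph `GET /identity/conditionalAccess/policies` response. The sample policies and tenant IDs are constructed placeholders, and the function names are hypothetical.

```python
import json

PARTNER_TENANT_ID = "00000000-0000-0000-0000-000000000001"  # placeholder ID

# Constructed sample: the "value" array of a Conditional Access policy export.
SAMPLE_POLICIES = json.loads("""
[
 {"displayName": "Require MFA for all users",
  "conditions": {"users": {"includeUsers": ["All"],
   "excludeGuestsOrExternalUsers": {
     "guestOrExternalUserTypes": "serviceProvider",
     "externalTenants": {"membershipKind": "enumerated",
       "members": ["00000000-0000-0000-0000-000000000001"]}}}}},
 {"displayName": "Block non-compliant devices",
  "conditions": {"users": {"includeUsers": ["All"],
   "excludeGuestsOrExternalUsers": null}}},
 {"displayName": "Block legacy auth",
  "conditions": {"users": {"includeUsers": ["All"],
   "excludeGuestsOrExternalUsers": {
     "guestOrExternalUserTypes": "b2bCollaborationGuest,serviceProvider",
     "externalTenants": {"membershipKind": "enumerated",
       "members": ["00000000-0000-0000-0000-000000000002"]}}}}}
]
""")

def excludes_partner(policy, partner_tenant_id):
    """True if the policy excludes service provider users of the partner tenant."""
    users = (policy.get("conditions") or {}).get("users") or {}
    excl = users.get("excludeGuestsOrExternalUsers") or {}
    # guestOrExternalUserTypes is a comma-separated list of user types.
    types = [t.strip() for t in (excl.get("guestOrExternalUserTypes") or "").split(",")]
    if "serviceProvider" not in types:
        return False
    tenants = excl.get("externalTenants") or {}
    if tenants.get("membershipKind") == "all":
        return True
    # Tenant scope absent or enumerated: require an explicit match, so an
    # exclusion for a different partner tenant is still reported.
    members = [m.lower() for m in tenants.get("members") or []]
    return partner_tenant_id.lower() in members

def policies_missing_exclusion(policies, partner_tenant_id):
    """Display names of policies that still lack the exclusion."""
    return [p["displayName"] for p in policies
            if not excludes_partner(p, partner_tenant_id)]

if __name__ == "__main__":
    for name in policies_missing_exclusion(SAMPLE_POLICIES, PARTNER_TENANT_ID):
        print("Missing service provider exclusion:", name)
```

The third sample policy is reported because its exclusion names a different tenant ID, which is easy to miss when reviewing policies by eye.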