Error: AADSTS530034 / AADSTS530032 – Delegated administrator or user blocked due to risk
This error occurs when Microsoft flags the delegated admin account as a risky user, or when security defaults block access unexpectedly.
Cause: Risky user detection in your own partner tenant, or the default security settings in the customer tenant, may block delegated access based on Conditional Access policies.
Resolution
Step 1 – Check for Risky User in Your Tenant
- Go to your own tenant’s Microsoft Entra ID (Azure AD)
- Navigate to Security → Risky users
- If your delegated admin account is listed:
  - Select the account → click Dismiss user risk
- Note: changes can take up to 24 hours to propagate across Microsoft systems
Step 2 – Check for Security Defaults in the Customer Tenant
- Go to the customer’s Microsoft Entra ID portal
- Navigate to Properties → Manage security defaults
- Turn off security defaults if they are not intentionally used
For tighter control, replace security defaults with targeted Conditional Access policies.
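The two checks above can also be run read-only from PowerShell. This is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can read risky users in the partner tenant and policies in the customer tenant. The tenant IDs and UPN are placeholders.

```powershell
# Added example: read-only checks for Step 1 and Step 2.
# The three values below are placeholders, not values from the article.
$PartnerTenantId  = '<partner-tenant-id>'
$CustomerTenantId = '<customer-tenant-id>'
$AdminUpn         = '<delegated-admin-upn>'

# Step 1: is the delegated admin account flagged as risky in the partner tenant?
Connect-MgGraph -TenantId $PartnerTenantId -Scopes 'IdentityRiskyUser.Read.All'
$risky = Get-MgRiskyUser -All | Where-Object {
    $_.UserPrincipalName -eq $AdminUpn -and
    $_.RiskState -in 'atRisk', 'confirmedCompromised'
}
if ($risky) {
    # Record why the account was flagged before dismissing the risk in the portal
    $risky | Select-Object UserPrincipalName, RiskLevel, RiskState,
                           RiskDetail, RiskLastUpdatedDateTime
} else {
    Write-Output "$AdminUpn is not listed as an active risky user."
}
Disconnect-MgGraph | Out-Null

# Step 2: are security defaults enabled in the customer tenant?
Connect-MgGraph -TenantId $CustomerTenantId -Scopes 'Policy.Read.All'
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Output ("Security defaults enabled: {0}" -f $defaults.IsEnabled)

# When security defaults are off, list the Conditional Access policies
# that are expected to provide the equivalent protection.
if (-not $defaults.IsEnabled) {
    Get-MgIdentityConditionalAccessPolicy -All |
        Select-Object DisplayName, State
}
Disconnect-MgGraph | Out-Null
```

An empty policy list in the last step means the customer tenant has neither security defaults nor Conditional Access policies in place.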