How can we help you?

A condition of IAM access has been violated (Microsoft specific)

This event means that one or more conditional access policy rules were applied to block an attempt to sign into the M365 account.   Either a Customer Admin or an MSP Admin would have created the conditional access policy which was triggered to generate this alert.  

Any sign in attempts that are blocked by conditional access can be reviewed using the Azure AD Sign in Logs

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/signInlogs

If you need to review existing conditional access policies for the tenant you can find them within Azure AD Security here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies

Blocking an account can take up to 24 hours to take effect. If you need to immediately prevent a user's sign-in access, follow the steps above and reset their password.