Description
Describe the bug
I am trying to access some resources stored on Azure from a GitHub codespace (Ubuntu VM). I have verified that on my Mac, I can successfully:
1. install the latest version of Azure CLI
2. log in with my @microsoft email using a passkey. I verified that the tenant and subscription look fine.
3. run the command to download the resource from Azure Blob Storage.
However, on a GitHub codespace, I can successfully run steps 1 and 2 but NOT 3. I receive an error:
AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 05d6f845-c842-4b3a-a37c-a34fb9d2a700 Correlation ID: 6c149bd7-5f64-4ba3-81a1-a6ebd2c326c4 Timestamp: 2025-06-24 12:10:08Z
Interactive authentication is needed. Please run:
az login --scope https://storage.azure.com/.default
I have tried to run the suggested command, but the webflow results in another error:
"You don't have access to this
Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, location, or an authentication flow that is restricted by your admin."
Error Code: 53003
Request Id: c6ca71aa-19a8-407b-a1f5-198187739400
Correlation Id: be7e3b7f-2eee-4343-9c9d-a1205bd986a9
Timestamp: 2025-06-24T12:15:53.455Z
App name: Microsoft Azure CLI
App id: 04b07795-8ddb-461a-bbee-02f9e1bf7b46
IP address: 4.155.74.48
Device identifier: 4ac895f5-b863-47ef-b70b-8d095ff1c92c
Device platform: macOS
Device state: Compliant
Importantly, I also have several teammates who are able to successfully run steps 1, 2, and 3 above inside of a codespace. I do not know why my access specifically is being blocked.
This Azure forum help page suggests I should look at the sign-in logs on my Azure portal to identify which conditional policy was not met for this login attempt. However, when I try to access this page in my Azure portal, I am blocked. I receive this error on a blank page:
"You don't have access
Copy the error details and send them to your administrator(s) to get access to this page.
Error details
Session ID
852f5762781644cf85b76ead9305256e
Resource group name
Subscription ID
Resource ID
Error code
401
Details
You don't have access to this data. Please contact your global administrator to get access."
Related command
az login
az storage blob download
Errors
AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 05d6f845-c842-4b3a-a37c-a34fb9d2a700 Correlation ID: 6c149bd7-5f64-4ba3-81a1-a6ebd2c326c4 Timestamp: 2025-06-24 12:10:08Z
Interactive authentication is needed. Please run:
az login --scope https://storage.azure.com/.default
Issue script & Debug output
@nick-thinks ➜ /workspaces/blackbird (main) $ az storage blob download --file index_unified.tar.gz --name unified_swe_bench_index.tar.gz --container-name blackbird --account-name padawanblackbird --auth-mode login --debug
cli.knack.cli: Command arguments: ['storage', 'blob', 'download', '--file', 'index_unified.tar.gz', '--name', 'unified_swe_bench_index.tar.gz', '--container-name', 'blackbird', '--account-name', 'padawanblackbird', '--auth-mode', 'login', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7ec2a0b0b7e0>, <function OutputProducer.on_global_arguments at 0x7ec2a085a7a0>, <function CLIQuery.on_global_arguments at 0x7ec2a089fce0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'storage': ['azure.cli.command_modules.storage']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: storage 0.153 60 275
cli.azure.cli.core: Total (1) 0.153 60 275
cli.azure.cli.core: Loaded 60 groups, 275 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : storage blob download
cli.azure.cli.core: Command table: storage blob download
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7ec29fc44360>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/vscode/.azure/commands/2025-06-24.12-27-07.storage_blob_download.16774.log'.
az_command_data_logger: command args: storage blob download --file {} --name {} --container-name {} --account-name {} --auth-mode {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7ec29fca0860>]
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/profiles/_shared.py", line 658, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2024_01_01.models' has no attribute 'ActiveDirectoryPropertiesAccountType'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/profiles/_shared.py", line 658, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2024_01_01.models' has no attribute 'ListKeyExpand'
cli.azure.cli.core.profiles._shared: Traceback (most recent call last):
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/profiles/_shared.py", line 658, in _get_attr
op = getattr(op, part)
^^^^^^^^^^^^^^^^^
AttributeError: module 'azure.mgmt.storage.v2024_01_01.models' has no attribute 'CorsRuleAllowedMethodsItem'
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7ec29fca3060>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x7ec29fca31a0>, <function register_upcoming_breaking_change_info.<locals>.update_breaking_change_info at 0x7ec29fca3240>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7ec2a085a840>, <function CLIQuery.handle_query_parameter at 0x7ec2a089fd80>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7ec29fca3100>]
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/vscode/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/vscode/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
msal.authority: openid_config("https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://storage.azure.com/.default',), options={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.acquire_token: scopes=['https://storage.azure.com/.default'], claims_challenge=None, kwargs={}
msal.application: Found 1 RTs matching {'environment': 'login.microsoftonline.com', 'home_account_id': '********.72f988bf-86f1-41af-91ab-2d7cd011db47', 'family_id': '1'}
msal.telemetry: Generate or reuse correlation_id: ca7c4f69-dacb-4a96-ad27-35c260a12a81
msal.application: Cache attempts an RT
cli.azure.cli.core.auth.binary_cache: save: /home/vscode/.azure/msal_http_cache.bin
cli.azure.cli.core.auth.binary_cache: save: /home/vscode/.azure/msal_http_cache.bin
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/v2.0/token HTTP/1.1" 400 551
cli.azure.cli.core.auth.binary_cache: save: /home/vscode/.azure/msal_http_cache.bin
cli.azure.cli.core.auth.binary_cache: save: /home/vscode/.azure/msal_http_cache.bin
msal.application: Refresh failed. invalid_grant: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
msal.application: Found 1 RTs matching {'environment': 'login.microsoftonline.com', 'home_account_id': '********.72f988bf-86f1-41af-91ab-2d7cd011db47', 'client_id': '04b07795-8ddb-461a-bbee-02f9e1bf7b46'}
msal.telemetry: Generate or reuse correlation_id: ca7c4f69-dacb-4a96-ad27-35c260a12a81
msal.application: Cache attempts an RT
msal.application: Refresh failed. invalid_grant: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/az/lib/python3.12/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 666, in execute
raise ex
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 734, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_job
return cmd_copy.exception_handler(ex)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/command_modules/storage/__init__.py", line 430, in new_handler
first(ex)
File "/opt/az/lib/python3.12/site-packages/azure/cli/command_modules/storage/__init__.py", line 430, in new_handler
first(ex)
File "/opt/az/lib/python3.12/site-packages/azure/cli/command_modules/storage/_exception_handler.py", line 17, in file_related_exception_handler
raise ex
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 703, in _run_job
result = cmd_copy(params)
^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 336, in __call__
return self.handler(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/commands/command_operation.py", line 120, in handler
return op(**command_args)
^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/command_modules/storage/operations/blob.py", line 691, in download_blob
download_stream = client.download_blob(offset=offset, length=length, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/multiapi/storagev2/blob/v2022_11_02/_blob_client.py", line 914, in download_blob
return StorageStreamDownloader(**options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/multiapi/storagev2/blob/v2022_11_02/_download.py", line 366, in __init__
self._response = self._initial_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/multiapi/storagev2/blob/v2022_11_02/_download.py", line 418, in _initial_request
location_mode, response = self._clients.blob.download(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/multiapi/storagev2/blob/v2022_11_02/_generated/operations/_blob_operations.py", line 1592, in download
pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 229, in run
return first_node.send(pipeline_request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
[Previous line repeated 2 more times]
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/policies/_redirect.py", line 197, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/multiapi/storagev2/blob/v2022_11_02/_shared/policies.py", line 520, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
response = self.next.send(request)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/policies/_authentication.py", line 145, in send
self.on_request(request)
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/policies/_authentication.py", line 120, in on_request
self._request_token(*self._scopes)
File "/opt/az/lib/python3.12/site-packages/azure/core/pipeline/policies/_authentication.py", line 94, in _request_token
self._token = cast(SupportsTokenInfo, self._credential).get_token_info(*scopes, options=options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/auth/credential_adaptor.py", line 43, in get_token_info
msal_result = self._credential.acquire_token(list(scopes), **msal_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/auth/msal_credentials.py", line 62, in acquire_token
check_result(result, scopes=scopes, claims_challenge=claims_challenge)
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/auth/util.py", line 128, in check_result
aad_error_handler(result, **kwargs)
File "/opt/az/lib/python3.12/site-packages/azure/cli/core/auth/util.py", line 53, in aad_error_handler
raise AuthenticationError(error_description, msal_error=error, recommendation=recommendation)
azure.cli.core.azclierror.AuthenticationError: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
cli.azure.cli.core.azclierror: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
az_command_data_logger: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
Interactive authentication is needed. Please run:
az login --scope https://storage.azure.com/.default
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7ec29fc445e0>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 1.210 seconds (init: 0.119, invoke: 1.091)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4228 in cache file under /home/vscode/.azure/telemetry/20250624122708855
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/az/bin/python3 /opt/az/lib/python3.12/site-packages/azure/cli/telemetry/__init__.py /home/vscode/.azure /home/vscode/.azure/telemetry/20250624122708855"
telemetry.process: Return from creating process 16815
telemetry.main: Finish creating telemetry upload process.
Expected behavior
Successful download of the files
Environment Summary
@nick-thinks ➜ /workspaces/blackbird (main) $ az --version
azure-cli 2.72.0 *
core 2.72.0 *
telemetry 1.1.0
Dependencies:
msal 1.32.3
azure-mgmt-resource 23.1.1
Python location '/opt/az/bin/python3'
Config directory '/home/vscode/.azure'
Extensions directory '/home/vscode/.azure/cliextensions'
Python (Linux) 3.12.8 (main, Apr 28 2025, 09:24:09) [GCC 9.4.0]
Legal docs and information: aka.ms/AzureCliLegal
You have 2 update(s) available. Consider updating your CLI installation with 'az upgrade'
@nick-thinks ➜ /workspaces/blackbird (main) $ az upgrade
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Your current Azure CLI version is 2.72.0. Latest version available is 2.74.0.
Please check the release notes first: https://learn.microsoft.com/cli/azure/release-notes-azure-cli
Do you want to continue? (Y/n): Y
Hit:1 https://packages.microsoft.com/repos/azure-cli focal InRelease
Hit:2 https://dl.yarnpkg.com/debian stable InRelease
Hit:3 https://apt.releases.hashicorp.com focal InRelease
Get:4 https://packages.microsoft.com/repos/microsoft-ubuntu-focal-prod focal InRelease [3,632 B]
Hit:5 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:6 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:7 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
Hit:8 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Fetched 131 kB in 1s (159 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
azure-cli is already the newest version (2.72.0-1~focal).
0 upgraded, 0 newly installed, 0 to remove and 29 not upgraded.
CLI upgrade failed or aborted.
@nick-thinks ➜ /workspaces/blackbird (main) $
Additional context
No response
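Added example, not part of the original issue or of the Azure CLI code base: a small Python parser that pulls the AADSTS error code, the requested scope, and the Trace and Correlation IDs out of `az --debug` output like the log above, so they can be handed to a tenant administrator who can search the sign-in logs by correlation ID. `Failure`, `parse_aad_failures` and `admin_report` are hypothetical names; the sample log is abridged from the debug output in this issue, and only MSAL `Refresh failed` lines are matched.

```python
import re
from dataclasses import dataclass, field

# Abridged from the `--debug` output in the issue above (RT filters shortened).
SAMPLE_LOG = """\
cli.azure.cli.core.auth.msal_credentials: UserCredential.acquire_token: scopes=['https://storage.azure.com/.default'], claims_challenge=None, kwargs={}
msal.application: Found 1 RTs matching {'environment': 'login.microsoftonline.com', 'family_id': '1'}
msal.application: Refresh failed. invalid_grant: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
msal.application: Found 1 RTs matching {'environment': 'login.microsoftonline.com', 'client_id': '04b07795-8ddb-461a-bbee-02f9e1bf7b46'}
msal.application: Refresh failed. invalid_grant: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. Trace ID: 6c216063-8eb4-4488-9e8f-276aac288d00 Correlation ID: ca7c4f69-dacb-4a96-ad27-35c260a12a81 Timestamp: 2025-06-24 12:27:08Z
"""

GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
SCOPES_RE = re.compile(r"acquire_token: scopes=\[([^\]]*)\]")
RT_RE = re.compile(r"Found \d+ RTs matching \{.*'(family_id|client_id)':")
FAIL_RE = re.compile(
    r"Refresh failed\. (?P<oauth>\w+): (?P<code>AADSTS\d+): .*? "
    rf"Trace ID: (?P<trace>{GUID}) Correlation ID: (?P<corr>{GUID}) "
    r"Timestamp: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)"
)


@dataclass
class Failure:
    code: str            # e.g. AADSTS53003
    oauth_error: str     # OAuth error returned by the token endpoint
    trace_id: str
    correlation_id: str
    timestamp: str
    scopes: tuple        # resource scopes requested when the refresh failed
    rt_lookups: list = field(default_factory=list)  # cache filters that were tried


def parse_aad_failures(log_text):
    """Return one Failure per distinct (code, correlation ID, trace ID)."""
    failures = {}
    scopes, lookup = (), None
    for line in log_text.splitlines():
        if m := SCOPES_RE.search(line):
            scopes = tuple(re.findall(r"'([^']+)'", m.group(1)))
        elif m := RT_RE.search(line):
            lookup = m.group(1)  # which cached refresh token MSAL is about to try
        elif m := FAIL_RE.search(line):
            key = (m["code"], m["corr"], m["trace"])
            f = failures.setdefault(key, Failure(
                m["code"], m["oauth"], m["trace"], m["corr"], m["ts"], scopes))
            if lookup and lookup not in f.rt_lookups:
                f.rt_lookups.append(lookup)
    return list(failures.values())


def admin_report(failures):
    """Format the fields needed to locate the blocked sign-in event."""
    lines = []
    for f in failures:
        lines.append(f"{f.code} ({f.oauth_error}) at {f.timestamp}")
        lines.append(f"  resource scope : {', '.join(f.scopes) or 'unknown'}")
        lines.append(f"  correlation id : {f.correlation_id}")
        lines.append(f"  trace id       : {f.trace_id}")
        lines.append(f"  rejected RT lookups : {', '.join(f.rt_lookups) or 'n/a'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(admin_report(parse_aad_failures(SAMPLE_LOG)))
```

The two `Refresh failed` lines collapse into one record because they share a correlation ID; the `rt_lookups` list shows that both the family and the client-specific refresh token were rejected for the storage scope.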