You try to upload a file to OneDrive for Business using the web interface, but the upload fails or is blocked in one specific browser while it works fine in another. This problem typically occurs because your organization uses Conditional Access policies in Microsoft Entra ID that restrict access based on browser type, device compliance, or session state. This article explains why Conditional Access policies block web uploads in certain browsers and provides step-by-step fixes to resolve the issue.
Key Takeaways: Fixing OneDrive Web Upload Blocked by Conditional Access
- Microsoft Entra admin center > Conditional Access > Policies: Locate the policy that blocks the browser and adjust session controls or device filters.
- Browser sign-out and sign-in: Clearing cached tokens and reauthenticating often resolves stale session state that triggers policy blocks.
- Supported browser list: Use Microsoft Edge, Chrome with the Windows Accounts extension, or Firefox to avoid known browser compatibility gaps.
Why Conditional Access Policies Block Web Uploads in One Browser
Conditional Access policies evaluate every sign-in attempt based on signals such as user location, device compliance, application risk, and browser client type. When a policy targets a specific browser or requires a compliant device, uploads to OneDrive for Business via the web client can be blocked if the browser does not meet the policy requirements.
The root cause is often one of the following:
Browser-Based Session Controls
Conditional Access policies can enforce session controls like app protection policies or require a compliant device. These controls may not be supported by all browsers. For example, the Microsoft Entra Conditional Access policy that requires a compliant device works natively with Microsoft Edge but may require the Windows Accounts extension in Chrome. If the extension is missing or outdated, the browser is treated as non-compliant and uploads are blocked.
Incompatible Browser Client
Some browsers send user-agent strings that Conditional Access policies interpret as unsupported. For instance, older versions of Safari or third-party browsers like Opera or Brave may not pass the policy evaluation at all. The policy then denies the session, preventing file uploads.
Stale Authentication Tokens
When a Conditional Access policy is updated, existing browser sessions may hold expired or invalid tokens. If the browser does not refresh the token automatically, the policy evaluates the session as non-compliant and blocks uploads. This is common when the policy changes after the user has already signed in.
Steps to Fix OneDrive Web Upload Failing Due to Conditional Access
Method 1: Sign Out and Sign In Again in the Affected Browser
Clearing the session forces the browser to request a new token that complies with the current Conditional Access policies.
- Sign out of all Microsoft 365 services in the browser
Click your profile picture in the top-right corner of any Microsoft 365 app, then select Sign out. Do this for every open Microsoft 365 tab. - Clear browser cache and cookies
Open browser settings, navigate to Privacy and security, and choose Clear browsing data. Select Cookies and other site data and Cached images and files, then click Clear data. - Close and reopen the browser
Exit the browser completely, then launch it again. - Sign in to Microsoft 365 and test the upload
Go to portal.office.com, sign in with your work account, open OneDrive, and try uploading a file. If the upload succeeds, the problem was caused by stale tokens.
Method 2: Switch to a Supported Browser or Install Required Extensions
Microsoft Entra Conditional Access policies support specific browsers for full compliance. Use one of the following options.
- Use Microsoft Edge
Microsoft Edge has native support for Conditional Access device compliance checks. Open Edge, sign in to Microsoft 365, and attempt the upload. If it works, the original browser was unsupported. - Install the Windows Accounts extension in Google Chrome
Go to the Chrome Web Store and search for Windows Accounts. Install the extension published by Microsoft Corporation. After installation, sign out and sign in again in Chrome. This extension enables Chrome to pass device compliance checks. - Use Mozilla Firefox
Firefox supports Conditional Access policies without additional extensions. If you prefer Firefox, sign in and test the upload.
Method 3: Check and Adjust Conditional Access Policies in Microsoft Entra Admin Center
If you are an administrator, you can review the policies that block the browser and make adjustments.
- Sign in to the Microsoft Entra admin center
Go to entra.microsoft.com and sign in with your Global Administrator or Conditional Access Administrator account. - Navigate to Conditional Access policies
In the left navigation, expand Protection and select Conditional Access. Then click Policies. - Locate the policy that affects the browser
Look for a policy with All cloud apps or Office 365 in the target. Check the Conditions tab for Client apps or Device platforms that might exclude the browser you are using. - Modify the policy to include the browser
If the policy blocks a specific browser, add that browser to the allowed list under Conditions > Client apps. For device compliance, ensure the policy allows Browser as a client app type. Save the changes. - Test the upload again
Sign out and sign in again in the affected browser. Then try uploading a file to OneDrive.
If OneDrive Upload Still Fails After the Main Fix
OneDrive Web Upload Fails with Error 53000 or 53003
Error codes 53000 and 53003 indicate that the Conditional Access policy explicitly denied the sign-in. This typically happens when the policy requires multi-factor authentication or a compliant device and the browser cannot satisfy those requirements. Verify that the browser is added to the allowed client apps list. If the policy requires multi-factor authentication, complete the MFA prompt during sign-in. If the browser still fails, switch to Microsoft Edge or install the Windows Accounts extension in Chrome.
OneDrive Web Upload Fails in Incognito or Private Mode
Incognito or private browsing modes may block extensions that are required for device compliance. For example, the Windows Accounts extension in Chrome does not run in Incognito mode unless explicitly enabled. Open the extension settings in Chrome and allow Allow in incognito. Alternatively, use a normal browsing session for OneDrive uploads.
OneDrive Web Upload Fails After a Recent Conditional Access Policy Update
If your IT administrator changed a Conditional Access policy while you were signed in, your existing session may hold an invalid token. Sign out of all Microsoft 365 services, clear browser cookies, and sign in again. This forces the browser to obtain a new token that matches the updated policy.
Supported Browsers vs Third-Party Browsers for Conditional Access
| Item | Supported Browsers | Third-Party Browsers |
|---|---|---|
| Description | Browsers that natively support Conditional Access device compliance and session controls | Browsers that may not pass Conditional Access checks without extensions or configuration |
| Examples | Microsoft Edge, Google Chrome with Windows Accounts extension, Mozilla Firefox | Opera, Brave, Vivaldi, Safari (older versions), Internet Explorer 11 |
| Device compliance | Supported via native integration or extension | Not supported; policy may block sign-in |
| App protection policies | Supported in Edge and Chrome with extension | Not supported |
| Recommended action | Use these browsers for OneDrive web uploads | Switch to a supported browser or contact your IT admin |
You can now identify why a specific browser fails to upload files to OneDrive for Business and apply the correct fix. Start by signing out and clearing the browser cache. If the problem persists, switch to Microsoft Edge or install the Windows Accounts extension in Chrome. For administrators, review the Conditional Access policies in the Microsoft Entra admin center and ensure the browser is included in the allowed client apps list. As an advanced tip, use the What If tool in the Conditional Access policies blade to simulate a sign-in from the affected browser and see exactly which policy blocks the upload.