## WS-Trust Enabled/disabled When WS Trust is disabled the user's sign-in doesn't log to Entra, and so the Conditional Access policy does not get applied. We have tested this with the following: [email protected] has WS Trust **Disabled** [email protected] has WS Trust **Enabled** Both users are in the Conditional Access Policy that controls for IP-based routing, and should give the following error message when attempting to send a message via the script Matt Williams made: In the event that the user is receiving this message, it means that we are able to reach Entra for the conditional policy blocking [email protected] testing via Script 1st Both Conditional Access Policies enforced **Error message 1** 2nd Added this account to Legacy Auth exception, Portal Test CAP enforced **Error message 1** 3rd Portal Test CAP enforced **Error message 1** 4th Added this account to Portal Test policy in OneLogin and ensured an authentication method was available, **Error Message 1** Added my IP to Exclude list for Condtional Access Policy, 11:39AM; waiting to confirm 11:52AM, ### Error Message 1 Conditional Access Policy blocking connection (cannot authenticate, did not meet criteria) `Failed to send test email: Exception calling "Send" with "1" argument(s): "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [CH0PR04CA0018.namprd04.prod.outlook.com 2024-08-22T15:40:30.418Z 08DCC23607C8FBB3]"` ### Error Message 2 WS-Trust is disabled (federated STS service was unreachable) `Failed to send test email: Exception calling "Send" with "1" argument(s): "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, federated STS service was unreachable. [CH2PR17CA0009.namprd17.prod.outlook.com 2024-08-22T16:30:08.492Z 08DCC259A0554D33]"`