Access to the web-resource <xyz> is conditioned on group membership.
Group membership authorization is done via Auth-connector.
When User A accesses web-resource <xyz> from a Windows computer, a policy denied message is received.
When User B accesses web-resource <xyz> from a Windows computer, the resource loads as expected.
User A and User B are both members of the group that is conditioning access to web-resource <xyz>.
Auth-connector and WSS Agent.
Windows 10 setup as Microsoft Managed Desktop.
After setting the Auth-connector log levels to debug, the following message was seen for the user authorization requests:
2022/04/11 08:36:14.407 [4308] [8548:4308] Failed S4U s4uLogin for user: 'DOMAIN\USER'; status=1793:0x701:The user's account has expired.
The end user checked with the customer helpdesk and found out that their Windows user account (which they used to log in to their Windows computer) had effectively expired.
After the account was re-enabled, the authorization issue was resolved.
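To triage this kind of failure across a whole debug log, the following added example (not vendor or Auth-connector code) extracts failed S4U logins and maps the Windows status code to an account-state cause. It assumes other failure lines follow the layout of the single line quoted above; the function names and every sample line except the first are constructed.

```python
import re
from collections import defaultdict

# Win32 error codes (winerror.h) that point at the state of the account itself.
ACCOUNT_STATE = {
    1330: "ERROR_PASSWORD_EXPIRED",
    1331: "ERROR_ACCOUNT_DISABLED",
    1793: "ERROR_ACCOUNT_EXPIRED",
    1909: "ERROR_ACCOUNT_LOCKED_OUT",
}
# Assumed line layout, taken from the single debug line quoted in the article.
S4U_FAIL = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) .*?"
    r"Failed S4U s4uLogin for user: '(?P<user>[^']*)'; "
    r"status=(?P<dec>\d+):0x(?P<hex>[0-9A-Fa-f]+):(?P<msg>.*)$"
)

def parse_s4u_failures(lines):
    """Yield one dict per failed S4U login line; other lines are skipped."""
    for line in lines:
        m = S4U_FAIL.match(line.strip())
        if not m:
            continue
        code = int(m["dec"])
        yield {
            "ts": m["ts"], "user": m["user"], "code": code,
            # Decimal and hex fields should agree; a mismatch means a damaged line.
            "consistent": code == int(m["hex"], 16),
            "name": ACCOUNT_STATE.get(code, "UNMAPPED"),
            "msg": m["msg"].strip(),
        }

def summarize(lines):
    """Map each user to the sorted account-state causes seen for that user."""
    causes = defaultdict(set)
    for failure in parse_s4u_failures(lines):
        if failure["consistent"]:
            causes[failure["user"]].add(failure["name"])
    return {user: sorted(names) for user, names in causes.items()}

# Constructed sample: line 1 is the line from the article, lines 2-3 are made up.
SAMPLE = [
    r"2022/04/11 08:36:14.407 [4308] [8548:4308] Failed S4U s4uLogin for user: 'DOMAIN\USER'; status=1793:0x701:The user's account has expired.",
    r"2022/04/11 08:36:15.120 [4308] [8548:4308] Failed S4U s4uLogin for user: 'DOMAIN\USER2'; status=1331:0x533:Account currently disabled.",
    r"2022/04/11 08:36:15.300 [4308] [8548:4308] Unrelated debug message",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A user who appears in the summary with an account-state cause is denied by policy even though the group membership is correct, which matches the User A case above.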