![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 95%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello @Serkan ŞENTÜRK,
Thank you for reaching out to Microsoft Q&A.
We understand that when a user wants to renew their passcode, you receive an email. But when you try to log in, you are getting a permission issue with an error code AADSTS16000.
Whenever you sign in Azure portal using Microsoft Personal Account (Outlook, Hotmail...) you by default get connected to the Microsoft Services tenant (f8cdef31-a31e-4b4a-93e4-5f571e91255a).
You can also confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.
In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings.
As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.
Solution: For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant.
To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.
When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.
If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role to proceed further with the account.
Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.
Hope this will help. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks & Regards
Janaki Kota