![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
913 questions
Hi Mudasir Mirza,
Thanks for reaching out to Microsoft Q&A.
Check the below points and let us know for any questions.
Hi Mudasir Mirza,
Thanks for reaching out to Microsoft Q&A.
Check the below points and let us know for any questions.
- Reset Password Policy:
- Ensure that the Azure AD tenant where the "Cloud Owner" account resides has a password reset policy configured. This policy is typically set up in the Azure AD Admin Center.
- Navigate to Azure AD > Password reset and check if the password reset policy is configured for your tenant. If not, you will need to configure it by enabling self-service password reset for the users.
- Directory Setup:
- It sounds like there might be a multi-directory setup where dirA is the primary directory, and dirB is used for specific access purposes. This can complicate user management.
- When users are added to dirB from dirA and appear as external users, it suggests that dirB treats them as guests. Guest users have limited capabilities compared to member users.
- Owner Role and External User Status:
- The account showing as "Owner" but also as an "External User" indicates that this account is likely a guest user with elevated permissions in dirB. However, guest users might still have some limitations.
- Consider converting the guest user to a member user in dirB if you need full access and functionality.
- Steps to Resolve Issues: Check Password Reset Policy:
- Verify that the password reset policy is enabled and properly configured.
- If necessary, follow the Microsoft documentation to set up the self-service password reset: Azure AD self-service password reset. Directory User Management:
- Review the configuration of your directories to understand why users are being added as external users in dirB.
- Check the settings in Azure AD > External identities to see if there are any specific configurations causing this behavior.
- Convert External User to Member User: if needed, convert the external user to a member user in dirB:
- Go to Azure AD > Users.
- Select the external user and click on Edit.
- Change the user type from Guest to Member. Collaboration and Access Management:
- Consider using Azure AD B2B collaboration features to manage external users and their access more effectively: Azure AD B2B documentation.
If nothing works, and if you have tight timeline, i would suggest you raise a support ticket with microsoft for quick help.
https://azure.microsoft.com/en-us/support/create-ticket/
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)