Azure AD Identity issuer MicrosoftAccount

Question

Azure AD Identity issuer MicrosoftAccount

bzsolt 21

In our tenant my user has multiple identity issuers. Other users have just one. In case of my user there is an issuer that is the same what other users have and there is an issuer named MicrosoftAccount. In case of the MicrosoftAccount issuer the Sign-in type is federated.

What does this mean? Why it is added to my account? What advantages it has and can I add it for other users too?

Accepted answer

1 additional answer

Your answer

Answer 1

Vasil Michev 119.8K MVP Volunteer Moderator

That is likely because you have added your MicrosoftID (outlook.com account) to your tenant's directory. MicrosoftAccount is the identity provider linked to such accounts, and federated basically means, that an external identity provider (external to Azure AD in this case, not external to Microsoft) is responsible for authenticating this user. Here's for example how it looks for one such user in my tenant:

Refer to the following article for more details: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/user-properties

bzsolt 21 Reputation points

2022-01-13T11:26:24.413+00:00
Thank you for your answer. This makes sense. What I know for sure, the Microsoft Account doesn't exist now (not sure who deleted it).

The account is homed in an external directory based on your answer and the article you shared. Is there a way to convert the MicrosoftID to an org user, or home the user in the org directory?

I created the tenant with this email, does this mean that this user is the owner of the tenant?
Vasil Michev 119.8K Reputation points MVP Volunteer Moderator

2022-01-13T13:07:44.537+00:00

There's no "owner" per se for Azure AD tenants, at most the account was a Global admin, but you can simply appoint another Global admin and delete the original one. As for "converting", you can convert between a "member" or a "guest" user, but you cannot change the federation type and such. For that, you need to remove/re-add the user.
bzsolt 21 Reputation points

2022-01-13T13:19:23.413+00:00

Thank you!

Answer 2

Hi all,

"Homed in a Microsoft or other account and represented as a guest user in the host organization. In this case, the guest user signs in with a Microsoft account or a social account. The invited user's identity is created as a Microsoft account in the inviting organization’s directory during offer redemption." @ https://learn.microsoft.com/en-us/training/modules/implement-manage-external-identities/3-collaboration.

On invite redemption MS account is created in inviting organizations directory.

Share via

Azure AD Identity issuer MicrosoftAccount

1 additional answer

Your answer