How to create first-time tenant

Andrew Jameson 20 Reputation points
2023-03-26T07:47:16.6033333+00:00

I wanted to start work on a 'hobby' project outside of work, so I signed in to the Azure portal using my personal email address. I found that, for some reason, this was already linked to my work's Azure Active Directory, so I unlinked it.

And now, each time I look at a page in the portal, I'm told that I have RESTRICTED ACCESS, and a message appears (top-right corner) informing me of an authentication error.

When I follow the steps to create a new tenant I get an error page.

If I click on Switch directory I see only a GUID representing my work's AD that I have since left (with this account) and no other options.

What do I need to do to set up a new Azure Active Directory tenant with my own account?


Here is the full text of the message which shows each time I open a new page in the portal.


The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token:

Extension: Microsoft_AAD_IAM

Resource: self

Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_AAD_IAM' because the user account is not a member of tenant '827f50c0-b974-4942-b515-9414ca3726a4'. Error details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Supertext AG Azure' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Trace ID: c338e35f-d598-4541-9ad6-b668c9154900

Correlation ID: c5567571-2da0-4082-9ea7-2b38410c1cfb

Timestamp: 2023-03-26 07:42:56Z


Accepted answer
Patchfox 4,176 Reputation points
2023-03-26T10:29:30.05+00:00

Hi Andrew Jameson, I hope I can help you with this question.

If I understand you correctly, you have separated your private user account from your business organization. Now Azure always tries to log you into the business tenant, which is no longer possible.

Problem

Since you have left the business tenant as a guest user with your identity, Azure can no longer find your user there as an active user. To make this possible again, someone from the business tenant with the necessary permissions needs to re-invite you.

As soon as you create a Microsoft account, a default tenant is always created in the background. However, since your last access to Azure was most likely done through the business tenant, you now need to set your home tenant (default) as default again.

To do this, try the following:

1. Clear your browser cache (all browser data) and reopen the browser.

2. Go to https://login.microsoftonline.com and change the client ID to the ID of your home tenant.

   2.1 If you don't know your home tenant ID, you can try to open https://portal.azure.com/@yourTenantName.onmicrosoft.com (the tenant name is your personal email address, like firstname.surname.outlook).

   Another option to find out the tenant ID is via PowerShell:

       Connect-AzAccount   # interactive sign-in with your personal account
       Get-AzTenant        # lists every tenant this identity is authorized for

   With the Get-AzTenant cmdlet you should get all the tenants for which the user identity is authorized.

3. Enter your credentials, and you will get connected to the tenant that you have specified in the previous step.

4. After logging in, you can change your default directory by using the below option:

User's image

If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you.

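A scripted version of the tenant lookup in the answer above, added here as an example and not part of Patchfox's reply: it lists the tenants the account can reach, picks the home tenant, re-authenticates against that tenant only, verifies the resulting context, and opens the portal pinned to that directory. It assumes the Az.Accounts module is installed and that Get-AzTenant exposes a TenantCategory property ('Home' versus 'ProjectedBy'); if it does not, the script falls back to asking for the tenant ID.

```powershell
# Added example, not part of the original answer. Finds the tenant that owns a
# Microsoft account and signs in to it directly, so the portal no longer falls
# back to a business tenant the account has been removed from (AADSTS50020).
# Assumes the Az.Accounts module is installed: Install-Module Az.Accounts
Import-Module Az.Accounts

# 1. Interactive sign-in with no tenant specified. Az then knows every tenant
#    the identity is authorized for, which is what Get-AzTenant lists.
$null = Connect-AzAccount

# 2. List the reachable tenants. Assumption: Az.Accounts exposes a
#    TenantCategory property that is 'Home' for the tenant that owns the account
#    and 'ProjectedBy' for tenants where the account is only a guest.
$tenants = Get-AzTenant
$tenants | Select-Object Id, Name, TenantCategory, Domains | Format-Table -AutoSize

$homeTenant = $tenants | Where-Object { $_.TenantCategory -eq 'Home' } | Select-Object -First 1
if (-not $homeTenant) {
    # Fallback when the property is absent or empty: pick from the list above.
    $chosen = Read-Host 'Home tenant not detected; enter the tenant ID to use'
    $homeTenant = $tenants | Where-Object { $_.Id -eq $chosen } | Select-Object -First 1
    if (-not $homeTenant) { throw "Tenant '$chosen' is not in the list returned by Get-AzTenant" }
}

# 3. Re-authenticate against the home tenant only. This is the scripted
#    equivalent of giving login.microsoftonline.com your home tenant ID.
$null = Connect-AzAccount -Tenant $homeTenant.Id

# 4. Confirm the active context points at the home tenant before relying on it;
#    a stale context would reproduce the portal's "not a member of tenant" error.
$ctx = Get-AzContext
if ($ctx.Tenant.Id -ne $homeTenant.Id) { throw 'Context is still bound to another tenant' }
Write-Host "Signed in to home tenant $($ctx.Tenant.Id) as $($ctx.Account.Id)"

# 5. Open the portal pinned to that tenant. Putting the tenant ID in the path
#    selects the directory, like the @domain.onmicrosoft.com form in the answer.
Start-Process "https://portal.azure.com/$($homeTenant.Id)"
```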
