This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 51%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Hi, I'm trying to login an user to my AAD Application via oAuth2. But I'm getting the following error:
Request Id: 818c8dfa-22fd-4e00-93f1-16e6d8142a00
Correlation Id: dc0539ce-d422-4933-b813-036dfcf50c48
Timestamp: 2023-05-10T09:57:44Z
Message: AADSTS500200: User account '****@****.net' is a personal Microsoft account. Personal Microsoft accounts are not supported for this application unless explicitly invited to an organization. Try signing out and signing back in with an organizational account.
The goal is to impersonate the user and make requests to https://graph.microsoft.com on the users behalf with delegated permissions. As far as I understand a guest invitation to the application is not needed, is it? What do I need to change to allow any personal account to log in?
Things I already did:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Bülent Hacioglu ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
You may want to try Azure B2C as “social” accounts are used with AAD, that is more a B2B or AAD to AAD. I would B2C to segment out these type of accounts.
Hi @Bülent Hacioglu ,
Thanks for reaching out.
You need to invite the user as a guest user in your Azure AD tenant to authenticate using OAuth.
If you don't want to invite guest users to your directory. Then you can leverage Azure AD B2B or Azure AD B2C as per case scenario to authentication to your application registered in Azure AD.
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Hi, thanks for your response. I have been looking into Azure AD B2C and managed to
However, as far as I understand I cannot use this flow to get authorization from an user to e.g. read their calendar via Graph API. Also, the "API Permissions" page states that "Azure AD B2C only uses offline_access and openid delegated permissions".
Is there a way or do I have to go with the guest invite in AAD?
Your understanding is correct here.
Tokens obtained using user flow or custom policies are not used to call graph API, those tokens can be used to call your backend Web API.
To call calendar using Graph API, you can leverage Azure AD and invite guest users.
In order to call /{user-id}/events/calendars to work the user must have mailbox on Exchange Online.
But for your scenario, it seems assigning license to a guest account (Microsoft personal account in this case) is not possible and hence the user account never gets access to the calendar service (part of o365 exchange online) due to which it cannot retrieve the calendar information of personal account.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Hi @Bülent Hacioglu
Your error may be caused by one of the following reasons, please refer to the corresponding official document for troubleshooting.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.