How to fix authentication issues on Microsoft Azure

Growth Acquisition 5 Reputation points
2023-08-16T20:51:25.0133333+00:00

Hello, I need to refresh an API token through Microsoft Azure in order to advertise on Microsoft Ads. However, I am getting an authentication issue upon signing into the Azure portal. This is preventing me from submitting a support ticket. The person who set this up is no longer at my company. Here is the error:

Experiencing authentication issues

The portal is having issues getting an authentication token. The experience rendered may be degraded. Additional information from the call to get a token: Extension: Microsoft_Azure_Support Resource: self Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_Azure_Support' because the user account is not a member of tenant 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'. Error details: invalid_grant: 50020 - [2023-08-16 20:46:49Z]: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 53fae6bb-15b4-49f9-9d7b-0da93ae25201 Correlation ID: 539ca4e7-6c2d-40b0-99a8-e4e3cdc1b5e8 Timestamp: 2023-08-16 20:46:49Z - Correlation ID: 539ca4e7-6c2d-40b0-99a8-e4e3cdc1b5e8 - Trace ID: 53fae6bb-15b4-49f9-9d7b-0da93ae25201

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Anonymous
    2023-08-16T21:00:29.3833333+00:00

    If you are the only global admin on the account and are blocked entirely, you can reach out to the Azure / 365 Data Protection team to restore access. 866-807-5850

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason. https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Some other support options include:
    AzureSupport
    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2
    azcommunity@microsoft.com

    recovery form https://account.live.com/acsr

    or creating a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support


    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-08-21T05:28:55.07+00:00

    Hi @Growth Acquisition,

    The error AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' usually occurs when you sign in to Azure Portal using your personal account which is not added as an external/guest user to an Azure AD tenant. Due to this, you by default get connected to the Microsoft Services tenant. You can confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.

    Since you are connected to the Microsoft Services tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant. When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    To create a new tenant, open an InPrivate/incognito browser window (just to avoid SSO) and access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

    Once the new account is created, you should be able to see and switch to the new tenant by clicking on the settings icon as highlighted below:

    [Image: 174999-image.png]

    Alternatively, you can ask the global administrator of any existing Azure AD tenant to invite you as a guest user as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory. Once you are added to an Azure tenant and you accept the invite sent to you via email, you can use the https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.
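
A triage helper for the portal error discussed in this thread, added here as an example and not part of either answer: it pulls the AADSTS code, identity provider, tenant, application and trace/correlation IDs out of the error text and flags the conditions the second answer describes. The function names and flag labels are assumptions made for this example; the sample text is the error from the question, shortened.

```python
import re

# Tenant ID that the answer above identifies as the Microsoft Services tenant.
MICROSOFT_SERVICES_TENANT = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# Field patterns follow the wording of the error in the question.
PATTERNS = {
    "code": r"\b(AADSTS\d+)\b",
    "identity_provider": r"identity provider '([^']+)'",
    "tenant_id": rf"member of tenant '({GUID})'",
    "tenant_name": r"does not exist in tenant '([^']+)'",
    "application_id": rf"access the application '({GUID})'",
    "trace_id": rf"Trace ID: ({GUID})",
    "correlation_id": rf"Correlation ID: ({GUID})",
}

# Error text copied from the question (shortened; e-mail already hidden there).
SAMPLE = (
    "The logged in user is not authorized to fetch tokens for extension "
    "'Microsoft_Azure_Support' because the user account is not a member of tenant "
    "'f8cdef31-a31e-4b4a-93e4-5f571e91255a'. Error details: invalid_grant: 50020 - "
    "[2023-08-16 20:46:49Z]: AADSTS50020: User account '{EmailHidden}' from identity "
    "provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot "
    "access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in "
    "that tenant. Trace ID: 53fae6bb-15b4-49f9-9d7b-0da93ae25201 "
    "Correlation ID: 539ca4e7-6c2d-40b0-99a8-e4e3cdc1b5e8"
)

def parse_portal_error(text):
    """Return the fields found in the error text; missing fields are None."""
    fields = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        fields[name] = match.group(1) if match else None
    return fields

def triage(text):
    """Flag the conditions the answer describes for AADSTS50020."""
    fields = parse_portal_error(text)
    flags = []
    if fields["code"] == "AADSTS50020":
        flags.append("not_member_or_guest_of_tenant")
    if fields["identity_provider"] == "live.com":
        flags.append("personal_microsoft_account")
    if (fields["tenant_id"] or "").lower() == MICROSOFT_SERVICES_TENANT:
        flags.append("landed_in_microsoft_services_tenant")
    return fields, flags

if __name__ == "__main__":
    print(triage(SAMPLE))
```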
