Cannot login to Azure portal: AADSTS16000: User account does not exist in tenant 'Microsoft Services'

Question

I'm encountering an issue while trying to sign in to the Azure portal with an email ******@gmail.com . The error message I receive states:

{
  "sessionId": "bc6682fadb7f441e8774efda82173cf2",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '74658136-14ec-4630-ad9b-26e160ff0fc6'(ADIbizaUX) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: b1e11038-774c-46ee-be73-e512ec7a7700
Correlation ID: 9d5ce3f1-def9-4a33-a5e1-f14338211d5b
Timestamp: 2023-08-30 20:34:00Z",
      "clientId": "74658136-14ec-4630-ad9b-26e160ff0fc6",
      "scopes": [
        "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978/.default"
      ]
    }
  ]
}

I've double-checked my credentials and the tenant, but I can't seem to resolve the issue. Could you please provide guidance on how to proceed? Thank you.

@AmanpreetSingh-MSFT

Answer 1

Hi @Javeria Noor ,

Thanks for reaching out.

Error AADSTS16000 is thrown when the user not found in the tenant used for authentication. In your case, this error usually occurs when you sign in to Azure Portal using your personal account which is not added as an external/guest user to an Azure AD tenant. Due to this, you by default get connected to the Microsoft Services tenant.

Since you are connected to the Microsoft Services tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

For this purpose, you need to create your own tenant rather than using the Microsoft Services tenant. When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

Once the new account is created, you should be able to see and switch to the new tenant by clicking on the settings icon as highlighted below:

In some cases, the user might already have an active session that uses a different personal account than the one that's intended to be used. Or they have a session that uses their organization account although they intended to use a personal guest account (or vice versa).

In that scenario, try signing in to the Azure Portal trough a tenant-specific URL using the following format:

https://portal.azure.com/<tenant domain name>

Eg.

https://portal.azure.com/constoso.onmicrosoft.com

Hope this will help.

Thanks,

Shweta

---

Please remember to "Accept Answer" if answer helped you

Answer 2

Hi @Shweta Mathur ,

Thanks for you prompt response and apologies for delaying from my side.

I appreciate your guidance, but I wanted to confirm if this procedure applies to a student account as well. I am using an Azure student account, and I want to ensure that I follow the correct steps for resolving this issue. Could you please clarify if the solution you provided is suitable for student accounts?

Thank you."

Answer 3

Hi @Shweta Mathur ,

it is giving me this error when trying to create new tennat