Issue while logging in to Azure/Entra portal - AADSTS160021/AADSTS16000/AADSTS50020

Givary-MSFT 28,486 Reputation points Microsoft Employee
2023-09-29T06:27:45.6333333+00:00

When trying to access the Azure portal getting below Errors:

AADSTS160021/AADSTS16000(Interaction required)

User's image

User's image

User's image

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,661 questions
0 comments
Accepted answer
  1. Shweta Mathur 27,936 Reputation points Microsoft Employee
    2023-09-29T06:31:26.23+00:00

    Hi @Givary-MSFT ,

    Thanks for reaching out.

    Issue: When Users are trying to login to Azure portal using their personal Microsoft Account (Outlook, Hotmail..) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors.

    Reason: Whenever you sign in Azure portal using Microsoft Personal Account you by default get connected to the Microsoft Services tenant (f8cdef31-a31e-4b4a-93e4-5f571e91255a).

    You can also confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.

    In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings.

    User's image

    As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    Solution: For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant.

    To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

    User's image

    When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role.

    Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Renan Catan 0 Reputation points
    2024-04-22T20:57:24.0433333+00:00

    Hello @Shweta Mathur I'm getting the same issue, though I have a particularity:

    I bought azure cloud 1TB and I'm trying set up my "personal account" and adding external users to solve the issue you posted above with the error AADSTS16000, however in my case I can't click in external user, when i click this happens:
    AADSTS16000

    So how do I even add an external user if I can't even click it?
    And if so, which should be an external user, should I create it first somewhere else like inside microsoft 365 environment UI, and if so then it will work when I click in adding external user?
    Anyway please help me out because I don't want to create an account that is free for only a year since im already paying microsoft for this storage and i just want to retrieve my personal data for my app such as my images, videos, infos etc

    Thank you!

    0 comments