How to setup users with "mail" identities

Question

I have some users that i need to grant access to my main subscription and setup via Micrasoft Entra.

If I check my existing accounts based on what works and what does not. The accounts which are marked as Microsoft Account or External Azure AD seem to work fine, meaning that i can add the user as a co-administrator on my subscription, and the user can then login and see what they need to see to go about their business.

Unfortunately, users that are marked as "mail" are not visible when i try to add co-administartors to my subscription, and when i do a "check access" and search for the email address, i get nothing, then if i try to look at eligible assignments i get a message saying "The tenant needs an AAD Premium 2 license.". Does anyone know what the problem is and how to fix it?

Answer 1

Hello @Matthew , you cannot add self-signed up users (the ones wil mail identity) as Azure Co-Administrator. Only guests that were invited (ExternalAzureAD or MicrosoftAccount identity) can be added.

Pleawe keep in mind that Classic resources and classic administrators will be retired on August 31, 2024. Remove unnecessary Co-Administrators and use Azure RBAC for fine-grained access control, which do support self-signed up users.

Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.