Issue with Entra ID

Question

Almost 10 years ago, my friends and I were in a startup called IrisCheck, and we used Azure cloud services for the product. We won the Imagine Cup back then, and had a full subscription for a year or a couple of years (I don't quite remember by now).

Now I want to try today's version of Azure and do exercises for some Databricks courses using a trial subscription.

But I didn't notice when I first logged into the Azure portal and activated the trial subscription that I still was in that super-old IrisCheck Active Directory.

After noticing that, I tried to delete everything, and I seemed to succeed:

• I deleted all the users and recourses related to the IrisCheck tenant,
• I canceled and three days later (due to the restrictions) deleted the subscription,
• Lastly, I deleted the IrisCheck tenant itself.

And now after opening the Entra ID page, I constantly (signing in again doesn't help) receive the following error message (copied details below):

{
  "sessionId": "c6b4c070df6a4b4184ed960610256c8e",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '74658136-14ec-4630-ad9b-26e160ff0fc6'(ADIbizaUX) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 0c515bba-5e2f-43df-bda7-973002e62b00 Correlation ID: b562c635-cfb3-4d69-8a74-72381905f0f7 Timestamp: 2024-01-21 20:17:21Z",
      "clientId": "74658136-14ec-4630-ad9b-26e160ff0fc6",
      "scopes": [
        "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978/.default"
      ]
    }
  ]
}

How can I completely detach my account (padalkom@gmail.com) from that super-old IrisCheck space and delete it?
Or maybe you can just delete everything related to IrisCheck on your side?
I also sent this request to AzCommunity@microsoft.com but haven't received any answer yet.

Thank you!

Answer 1

Hello @Mikhail Padalko ,

Thank you for reaching out to Microsoft Azure QnA platform. I have reviewed the session details and see you are trying to connect on Microsoft Azure Portal using Personal Account. The error you are facing is a design behavior and has been answered/documented by one of my colleagues on following QnA post: https://learn.microsoft.com/en-us/answers/questions/1377925/issue-while-logging-in-to-azure-entra-portal-aadst

Adding content from above QnA post on this thread for your reference: Issue: When Users are trying to login to Azure portal using their personal Microsoft Account (Outlook, Gmail, Hotmail..) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors. Reason:

• Whenever you sign in Azure portal using Microsoft Personal Account you by default get connected to the Microsoft Services tenant (f8cdef31-a31e-4b4a-93e4-5f571e91255a).
• You can also confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.
• In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings.
• As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on.
• To perform administrative actions, you must have administrative access to the tenant.

Solution:

• For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant. To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.
• When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.
• If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role.
• Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.