Hello @Mikhail Padalko ,
Thank you for reaching out to Microsoft Azure QnA platform. I have reviewed the session details and see you are trying to connect on Microsoft Azure Portal using Personal Account. The error you are facing is a design behavior and has been answered/documented by one of my colleagues on following QnA post: https://learn.microsoft.com/en-us/answers/questions/1377925/issue-while-logging-in-to-azure-entra-portal-aadst
Adding content from above QnA post on this thread for your reference: Issue: When Users are trying to login to Azure portal using their personal Microsoft Account (Outlook, Gmail, Hotmail..) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors. Reason:
- Whenever you sign in Azure portal using Microsoft Personal Account you by default get connected to the Microsoft Services tenant (f8cdef31-a31e-4b4a-93e4-5f571e91255a).
- You can also confirm this by navigating to Azure Active Directory > Overview blade and you can see f8cdef31-a31e-4b4a-93e4-5f571e91255a as Tenant ID.
- In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings.
- As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on.
- To perform administrative actions, you must have administrative access to the tenant.
Solution:
- For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant. To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.
- When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.
- If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role.
- Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.
I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.