Corrupt Entra ID Tenant

Tim Blizard 0 Reputation points
2024-04-02T12:43:14.5433333+00:00

I created an 'external' Entra ID tenancy but somehow it's now configured in an unmanageable state. This may be because of a combination of me configuring MFA and Visual Studio registering an App. The symptoms are as follows:

  1. When viewing the tenant properties under 'Manage tenants' all the fields except 'Organization Name' and 'Tenant ID' show 'Loading...'
  2. Any attempt to log in to that Tenant results in a repeating sequence of:
    a. Action Required - Your organization requires additional security information. Follow the prompts to download and set up the Microsoft Authenticator app. (NEXT)
    b. Success! Great job! You have successfully set up your security info. Choose "Done" to continue signing in. Default sign-in method: Authenticator app or hardware token - code (DONE goto a.)
  3. There are entries in the sign-in log for the Global Admin with error code 50072 and I saw this error message but I can't remember where ... 'AADSTS90014: The required field 'request' is missing from the credential' when login in with Azure B2C with Custom Identity Provider
  4. For a while I had trouble finding a way to log back into my Workforce tenant because it kept redirecting to the damaged tenant but I found that I could go via the Office 365 portal.

I can't delete the tenant because you have to be able to log in, though I have been able to delete the Resource Group, so I'm not sure how that's possible or what Resource Group it's now in.

Any help gratefully received.

Tim

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Babafemi Bulugbe 4,025 Reputation points MVP Volunteer Moderator
    2024-04-04T14:16:22.0533333+00:00

    Hello Tim Blizard,

    Thank you for posting this in the Microsoft Q&A Community.

    From my understanding, you are not able to access your Entra ID Organization.

    Based on the errors listed above, you are trying to authenticate into an Azure B2C organization that is explicitly for application authentication. Hence, the reason you never created a subscription or a resource group during the setup.

    One major pointer that no tenant has been created is the first error you highlighted above (When viewing the tenant properties under 'Manage tenants' all the fields except 'Organization Name' and 'Tenant ID' show 'Loading...')

    We might need to go through some troubleshooting steps to be able to resolve this.

    Firstly, let's start by trying to force the authentication to the tenant and see if we are successful. I need you to copy the tenant ID, and then access the URL portal.azure.com/yourtenantid in an Incognito tab. Use the same account you created the tenant with to see if you can authenticate.

    Secondly, check the tenant ID in the Office environment. Make sure this corresponds with the same tenant you are trying to authenticate to.

    NB: This error indicates that you are trying to authenticate to the wrong tenant. Only a consumer account in Azure B2C can go through an Azure External Provider to authenticate. Your Global Admin account is an administrative account and not a consumer account. (There are entries in the sign-in log for the Global Admin with error code 50072 and I saw this error message but I can't remember where ... 'AADSTS90014: The required field 'request' is missing from the credential' when login in with Azure B2C with Custom Identity Provider)

    Let me know what the result is, then we can go ahead to troubleshoot more.

    Babafemi

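The thread's two diagnostic signals, repeated 50072 entries in the sign-in log and doubt about which tenant the sign-in actually lands in, can be checked together over an exported sign-in log. The following is an added example, not code from either poster or from Microsoft; the field names are modeled on the Microsoft Graph signIn resource (an assumption), and the tenant IDs, user names, thresholds and records are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MFA_ENROLL_INTERRUPT = 50072  # error code reported in the question's sign-in log
WORKFORCE = "11111111-1111-1111-1111-111111111111"  # constructed placeholder tenant IDs
EXTERNAL = "22222222-2222-2222-2222-222222222222"

def _rec(ts, upn, tenant, code):
    # Field names modeled on the Microsoft Graph signIn resource (assumption).
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "resourceTenantId": tenant, "status": {"errorCode": code}}

# Constructed sample sign-in records, not taken from the thread.
SAMPLE = [
    _rec("2024-04-02T12:40:00Z", "admin@contoso.example", EXTERNAL, 50072),
    _rec("2024-04-02T12:41:10Z", "admin@contoso.example", EXTERNAL, 50072),
    _rec("2024-04-02T12:42:05Z", "Admin@contoso.example", EXTERNAL, 50072),
    _rec("2024-04-02T12:43:14Z", "admin@contoso.example", EXTERNAL, 50072),
    _rec("2024-04-02T14:00:00Z", "admin@contoso.example", EXTERNAL, 50072),
    _rec("2024-04-02T12:50:00Z", "admin@contoso.example", WORKFORCE, 0),
    _rec("2024-04-02T12:55:00Z", "user@contoso.example", WORKFORCE, 50072),
]

def find_enrollment_loops(records, intended_tenant, threshold=3,
                          window=timedelta(minutes=10)):
    """Flag (user, tenant) pairs with >= threshold 50072 interrupts inside one window."""
    hits = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] != MFA_ENROLL_INTERRUPT:
            continue
        ts = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
        hits[(r["userPrincipalName"].lower(), r["resourceTenantId"].lower())].append(ts)
    findings = []
    for (upn, tenant), times in sorted(hits.items()):
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink until the span fits the window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append({"user": upn, "tenant": tenant, "interrupts": best,
                             "is_intended_tenant": tenant == intended_tenant.lower()})
    return findings

if __name__ == "__main__":
    for f in find_enrollment_loops(SAMPLE, intended_tenant=WORKFORCE):
        print(f)
```

A finding with `is_intended_tenant` set to `False` means the enrollment interrupts are being raised by a tenant other than the one the user meant to reach, which is the mismatch the answer asks to rule out.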
