Locked out of directory I am an Owner of

Question

Hello,

A friend invited me to their Azure Entra ID as a guest user, and set me as a member of the admin group that has owner privileges.

I was able to log in for 10 days, created resources (including an Azure Databricks cluster that no one can access now). But somehow lost access to the directory.

In fact, I do not see their directory when I click "switch directory" when logged in to the Azure portal.

They triple checked, my user is still active on their Entra ID, and I am still part of the admin group.

Any ideas what we did wrong?

Answer 1

Hello Emile Kratiroff,

Thank you for raising your question in the Microsoft Q&A Community.

I understand you are not able to access the directory you were invited to.

Firstly, check if you have a dual account (if your account has a work or school account and also a personal account). If you logged in to a different one other that the one you use to authenticate with, then this might be a reason why you are not seeing the tenant under the switch feature

To check this, open an Inprivate or Incognito tab and try accessing the portal. If your account is dual, you will have the same as in the screenshot above.

Secondly, get the tenant id of the Organization and force the authentication if the first rule doesnt apply to you. Authenticate by going to portal.azure.co/tenantid and see if you are able to authenticate.

If the above doesnt work, have them reset the invitation

Please note that if there is a need to allow someone else have access to those resources, the Global Admin in the tenant can elevate him or herself and assign a role to his or her account after the elevation. Elevating a Global Admin account will give access to the Global Admin on all the Subscriptions and Resources within the tenant.

Follow this link to learn more about elevation https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal

Let me know if further assistance is needed.

Babafemi

Answer 2

Hello Emile Kratiroff,

Thank you for raising your question in the Microsoft Q&A Community.

I understand you are not able to access the directory you were invited to.

Firstly, check if you have a dual account (if your account has a work or school account and also a personal account). If you logged in to a different one other that the one you use to authenticate with, then this might be a reason why you are not seeing the tenant under the switch feature

To check this, open an Inprivate or Incognito tab and try accessing the portal. If your account is dual, you will have the same as in the screenshot above.

Secondly, get the tenant id of the Organization and force the authentication if the first rule doesnt apply to you. Authenticate by going to portal.azure.co/tenantid and see if you are able to authenticate.

If the above doesnt work, have them reset the invitation

Please note that if there is a need to allow someone else have access to those resources, the Global Admin in the tenant can elevate him or herself and assign a role to his or her account after the elevation. Elevating a Global Admin account will give access to the Global Admin on all the Subscriptions and Resources within the tenant.

Follow this link to learn more about elevation https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal

Let me know if further assistance is needed.

Babafemi