Share via

Unable to log in with a new Azure Student account

Roscoe Annas 0 Reputation points
2025-02-08T21:21:20.8833333+00:00

I am exploring use of Azure Virtual Desktop with a Student account for a project, but I am unable to log in after creating the account. I receive the following error:

User account 'r#####1@#######.######.edu' from identity provider 'https://sts.windows.net/b2e1e6f4-64f1-4872-9da1-ca8a9a7c41f7/' does not exist in tenant 'Microsoft' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

I also have login errors when I try to submit a support ticket, but I do not have an issue accessing my school's Microsoft 365 resources.

Any advice or assistance would be appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-02-10T12:09:02.8966667+00:00

    Hello @Roscoe Annas

    Thank you for reaching out to Microsoft Q&A.

    Issue: When Users are trying to login to Azure portal using their personal Microsoft Account (Outlook, Hotmail.) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors.

    AADSTS50020: This code indicates that the user account is not recognized in the specified tenant and needs to be added as an external user.

    https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/app-integration/error-code-AADSTS50020-user-account-identity-provider-does-not-exist

    Reason: Whenever you sign in Azure portal using Microsoft Personal Account you by default get connected to the Microsoft Services tenant.

    You can also confirm this by navigating to Azure Active Directory > Overview blade and you can see as Tenant ID.

    In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings.

    User's image

    As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    Solution: For this purpose, you need to create your own tenant rather than using the Microsoft Services (f8cdef31-a31e-4b4a-93e4-5f571e91255a) tenant.

    To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

    User's image

    When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role.

    Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well.

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.