entra auth problems when logging in to azure

Question

entra auth problems when logging in to azure

Jason S 0

There doesn't seem to be a tag for "azure auth" so doing my best with the entra tags.

I want to use azure for my business, but am unable to login/authenticate properly. it seems likely this is a migration issue from the legacy accounts systems from 10 or so years ago to Entra? Please let me know how to get this fixed. azure is unusable because it either doesn't log me in, or kicks me out immediately after logging in, with a message like the following:

Request Id: 3424d8b1-dc31-454f-8ba1-c8cdf4260d00

Correlation Id: eb40f6e0-7945-49df-82b6-a97190d7c9e4

Timestamp: 2025-04-27T18:14:17Z

Message: AADSTS50020: User account '******@novaleaf.com' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

2 answers

Your answer

Answer 1

So it appears that you originally had an account like ******@novaleaf.com that was tied to your Microsoft personal account. Azure expects a Work/School Account (an account tied to an Azure AD/Entra ID tenant) to authenticate. Your ******@novaleaf.com account is still a personal account, and it does not exist inside the Entra ID tenant that Azure is trying to log you into. Hence this error: AADSTS50020: User account '******@novaleaf.com' from identity provider 'live.com' does not exist in tenant 'Microsoft Services'

To fix this, you have two options, depending on what you want long-term:

Option 1: Create an Entra ID (Azure AD) account properly for your domain (novaleaf.com)

Step 1: Go to Microsoft Entra Admin Center and create a new tenant or ensure your novaleaf.com domain is registered properly in a tenant.
Step 2: Create a new Work/School Account (******@novaleaf.com) inside that tenant (or invite yourself as a Guest if needed).
Step 3: Sign in to Azure Portal using the new work account, not the old personal Microsoft Account.
Step 4: Migrate any subscriptions/resources if necessary (I'll explain if needed — it's a process involving "changing subscription ownership").

Option 2: Add your old account as a Guest User to the tenant

If you don’t want to create a whole new account yet:

Step 1: Someone who has access to the tenant where the Azure subscription resides (maybe you? or someone you can log in as?) can invite your personal ******@novaleaf.com account as a Guest User.
Step 2: Once invited, you can access Azure resources by accepting the invitation.
Step 3: This is a "band-aid" — it works but isn't ideal long-term because you’ll still have this weird Personal-vs-Work account conflict sometimes.

Btw. when you have both a personal Microsoft Account and a Work/School account with the same email address, login might get a bit confusing — you might get a prompt "Which account do you want to use: Work or Personal?", so you might consider choosing the first option.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Jason S 0 Reputation points

2025-04-27T19:56:33.6766667+00:00

Thank you for the detailed reply Marcin. likely your deduction is correct, in that I used to have some sort of azure tenant tied to my domain long ago that has been deleted.

If a new email address signs into azure for the first time, how would that be treated, given that they wouldn't have their own tenant/work account? would they be prompted to create a new work tenant also? If not, is there any way to reset my account to be the same "personal developer account" so I don't get hit by these issues? I would like to not have to pick between Personal/Work accounts for the same email address.
Jason S 0 Reputation points

2025-04-27T23:02:01.1566667+00:00

when I visit the Entra Admin center I'm greeted by this 403 error:

{ "shellProps": { "sessionId": "4915dfdc7f6746e6845329e70e60f6b1", "extName": "Microsoft_AAD_IAM", "contentName": "EntraDashboard.ReactView", "code": 403 }, "error": { "message": "Insufficient privileges to complete the operation.", "code": 403 }} and am unable to perform any actions there.
Venkata Jagadeep 1,250 Reputation points Microsoft External Staff Moderator

2025-04-29T09:58:08.1+00:00

Hello Jason S,

We haven’t heard from you on the last response and was just checking back to see if you are able to access your user account. If in case you have any issues, please let us know with more details and we will try to help.
Venkata Jagadeep 1,250 Reputation points Microsoft External Staff Moderator

2025-04-30T11:01:16.68+00:00

Hello Jason S,

We haven’t heard from you on the last response and was just checking back to see if you are able to access your user account. If in case you have any issues, please let us know with more details and we will try to help.

Answer 2

Hello Jason S,

As per the description, you are not able to login to Azure tenant and getting the error AADSTS50020.

The error shows that your user account is a guest account in the tenant and now it does not exist, so getting authentication failures.

You can check the tenant where your domain is registered by providing your domain name in the below website.

https://whatismytenantid.com

Once, you get the tenant ID, I request you to login to the tenant and can create a new work/school account rather than inviting the user as guest to avoid confusion.

Please review and try to login as i mentioned in private message.

Share via

entra auth problems when logging in to azure

2 answers

Your answer