Share via

Azure entra id setup gone wrong. Caanot access account

Swastik Nayak 0 Reputation points
2026-03-21T13:03:41.7633333+00:00

Please help . I cannot access my azure account.User's image

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VEMULA SRISAI 12,840 Reputation points Microsoft External Staff Moderator
    2026-03-23T06:48:08.8133333+00:00

    Hello Swastik Nayak,

    Error AADSTS16000 is thrown when the user not found in the tenant used for authentication. In your case, this error usually occurs when you sign in to Azure Portal using your personal account which is not added as an external/guest user to an Azure AD tenant. Due to this, you by default get connected to the Microsoft Services tenant.

    Since you are connected to the Microsoft Services tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant.

    For this purpose, you need to create your own tenant rather than using the Microsoft Services tenant. When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    User's image

    To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access Create Your Azure Free Account Or Pay As You Go | Microsoft Azure to create a free Azure account.

    Once the new account is created, you should be able to see and switch to the new tenant by clicking on the settings icon as highlighted below:

    In some cases, the user might already have an active session that uses a different personal account than the one that's intended to be used. Or they have a session that uses their organization account although they intended to use a personal guest account (or vice versa).

    In that scenario, try signing in to the Azure Portal trough a tenant-specific URL using the following format:

    [https://portal.azure.com/<tenant] domain name>

    Eg.

    https://portal.azure.com/constoso.onmicrosoft.com

    Note: In your scenario The issue occurred because of converting to internal user, so please sign in with the full UPN so that you can be able to sign in.

    For the recovered account, no changes are required in the B2B configuration. The recovery process restores the existing user object and does not change the user type. If the user was already a B2B Guest (External user) before recovery, you should keep it as is. You only need to change the user type if there is a business requirement to convert the user to an internal Member account.

    Was this answer helpful?

    0 comments
  2. Q&A Assist
    2026-03-21T13:03:59.33+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error message indicates that the Microsoft account (live.com) being used doesn’t exist in the Microsoft Entra tenant that the Azure portal is trying to use, so it can’t get an authentication token for the support extension. The message also states that the account must be added as an external user in that tenant, or a different Entra ID account must be used.

    Use these steps to recover access:

    1. Confirm the correct identity
      • If the same email address exists both as a personal Microsoft account and as a work/school (Entra ID) account, they’re separate identities with different permissions.
      • Sign out completely from Azure and related services, then sign back in with the correct identity that actually belongs to the target tenant.
      • To fully sign out and switch identity for Azure DevOps and related services, follow the pattern described for shared identities:
        1. Close all browser windows.
        2. Open a private/incognito window.
        3. Browse to https://aka.ms/vssignout to force sign-out.
        4. Then go to the Azure portal and sign in again, choosing the other identity (work/school vs personal) when prompted.
    2. If locked out of the tenant as an admin
      • If this is a Microsoft 365/Azure tenant and sign-in is blocked because of password or MFA issues, use the appropriate recovery path:
        • If there is another global admin in the tenant, that admin can reset the password or reset MFA methods for the locked-out account from Microsoft Entra ID → Users → Authentication methods.
        • If there is no other global admin, or the tenant has no accessible global admin, contact Microsoft support via the Data Protection / Tenant Recovery channel as described in the sign-in troubleshooting guidance.
    3. If the tenant itself is blocked or inaccessible
      • If the tenant has been blocked due to inactivity (error AADSTS5000225), the tenant admin must contact Microsoft using the global support phone numbers to request reactivation within the allowed time window.
    4. If the account truly doesn’t exist in that tenant
      • If the message is shown while trying to access a specific tenant that is not the home tenant of the live.com account, the owner/admin of that tenant must:
        • Add the live.com account as a guest/external user in that tenant, and
        • Assign appropriate roles or access.
      • Alternatively, sign in with a work/school account that already belongs to that tenant.
    5. If none of the above applies
      • Use the “Support for Business Products” or global support phone numbers referenced in the sign-in troubleshooting documentation to reach Microsoft support, explain that the Entra ID account cannot access the Azure portal due to the AADSTS16000/interaction_required error, and request tenant/account recovery.

    References:

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.