The error indicates that the account used to sign in (... from identity provider live.com, a personal Microsoft account) does not exist in the Microsoft Entra tenant that backs the “Microsoft Services” directory and therefore cannot access the Azure Support Portal application in that tenant.
From the error text and documented causes, there are three main possibilities and corresponding fixes:
- Wrong endpoint for the account type
  - The sign-in is being performed as if it were an organizational (work/school) account in a specific tenant, but the identity provider is live.com (personal Microsoft account).
  - If the Azure AD app is configured for organizational accounts only, a live.com account cannot be used unless it is added as a guest.
  - If developing or configuring an app, ensure the correct authority URL is used for the supported account type:
    - Multitenant org-only: https://login.microsoftonline.com/organizations
    - Multitenant + personal: https://login.microsoftonline.com/common
    - Personal only: https://login.microsoftonline.com/consumers
  - For portal access, use the correct work/school account associated with the Azure tenant instead of the live.com account.
- Signed in to the wrong tenant / wrong session
  - The browser session is currently authenticated with a different account (for example, a personal live.com account) than the intended corporate Azure AD account.
  - Action:
    - Sign out of all Microsoft accounts in the browser.
    - Open a new InPrivate/Incognito window.
    - Browse to the Azure portal and sign in explicitly with the corporate (work) account that belongs to the Azure tenant, not the live.com account.
    - Verify in the error details that User account and Identity provider match the intended combination (corporate account should show the organization’s identity provider, not live.com).
- Account not present in the tenant (guest not invited)
  - The live.com account truly does not exist in the “Microsoft Services” tenant.
  - If the intention is to use that personal account as a guest in that tenant, a tenant admin must first invite it as a guest user, following the standard B2B invitation process. Until invited, the account cannot access apps in that tenant.
To proceed with Azure portal access as a “corporate account”:
- Use the actual organizational account that belongs to the Azure tenant (not the live.com personal account), or
- Ask an admin of the target tenant to invite the live.com account as a guest if that is the intended access pattern, then sign in again after the invitation is accepted, ensuring a clean/private browser session.
References:
- Error AADSTS50020 - User account from identity provider does not exist in tenant
- Customer Support Portal - Troubleshoot Microsoft Identity Platform login
- Troubleshoot sign-in issues and account access problems
- "Sorry, but we're having trouble signing you in" when a user signs in to Microsoft 365, Azure, or Intune
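
The three causes in the answer above can be checked before a sign-in is attempted. The following is an added example, not part of the original answer or any Microsoft code: it classifies an authority URL from the list above against the account's identity provider. The function names, the `in_tenant` flag and the sample tenant `contoso.onmicrosoft.com` are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Authority path segments from the answer -> account types each one accepts.
ALIASES = {
    "organizations": {"org"},            # multitenant, org-only
    "common": {"org", "personal"},       # multitenant + personal
    "consumers": {"personal"},           # personal only
}

def account_type(identity_provider: str) -> str:
    """live.com marks a personal Microsoft account; anything else is
    treated here as a work/school account (assumption of this example)."""
    return "personal" if identity_provider.strip().lower() == "live.com" else "org"

def diagnose(authority: str, identity_provider: str, in_tenant: bool = False) -> str:
    """Return 'ok', 'wrong_endpoint' or 'not_in_tenant' for a planned sign-in.

    in_tenant (hypothetical flag): the account is a member of, or an accepted
    guest in, the tenant named by a tenant-specific authority.
    'ok' only means the endpoint accepts the account type; the application
    may still restrict access.
    """
    url = urlparse(authority)
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        raise ValueError("unexpected authority: %r" % authority)
    segments = [s for s in url.path.split("/") if s]
    if not segments:
        raise ValueError("authority has no tenant segment")
    tenant = segments[0].lower()
    if tenant in ALIASES:
        kind = account_type(identity_provider)
        return "ok" if kind in ALIASES[tenant] else "wrong_endpoint"
    # Tenant-specific authority (GUID or domain): the account must exist in
    # that tenant; a live.com account needs a guest invitation first.
    return "ok" if in_tenant else "not_in_tenant"

if __name__ == "__main__":
    base = "https://login.microsoftonline.com/"
    # Constructed cases: (authority, identity provider, account present in tenant)
    for auth, idp, present in [
        (base + "organizations", "live.com", False),
        (base + "common", "live.com", False),
        (base + "contoso.onmicrosoft.com", "live.com", False),
        (base + "contoso.onmicrosoft.com", "live.com", True),
    ]:
        print(auth, idp, present, "->", diagnose(auth, idp, present))
```
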