Having issues with account login and getting support -- can't login to even reach support

Question

{
  "sessionId": "...",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account ...; from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application (Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: ... Correlation ID: [Moderator note: personal info removed],
      "clientId": "...",
      "scopes": [
        ".../.default"
      ]
    }
  ]
}

Answer 1

Hi @SZ,

Thank you for reaching out and for providing the detailed error message.

I understand how challenging this situation can be, especially when you’re unable to sign in to your account and are blocked from accessing the support portal at the same time. Based on the error you shared, this is a tenant and account type mismatch during sign‑in, which is why you can’t reach the Support experience.

This typically occurs when you’re signing in with a personal Microsoft account (such as Outlook.com, Hotmail, or Gmail - also known as a live.com identity), while the portal is attempting to authenticate you against an Entra ID (Azure AD) tenant (in this case, “Microsoft Services”) where your account does not exist. As a result, authentication fails before access to support can be granted.

1/ Sign out and clear browser data:

Please try the following first:

• Sign out of all Microsoft accounts in your browser.
• Clear cookies and site data related to Microsoft.
• Close all browser windows, then reopen a fresh InPrivate/Incognito session and try signing in again.

 

2/ If the issue continues, please follow these steps:

To perform administrative actions, you must have administrative access to the tenant. For this purpose, you need to create your own tenant rather than using the Microsoft Services tenant where you are assigned the Global Administrator role.

To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account.

After this, you can sign in to the Azure portal under the correct tenant and create support requests, as long as your account has the required permissions (such as Owner, Contributor, or Support Request Contributor).

 

I hope this helps you regain access as quickly as possible. Please try the steps above and let me know how it goes. I’ll be happy to continue working through this with you if you need further assistance.

As other users will also search for information in this community, your vote can significantly help those with similar inquiries quickly locate the most relevant resources. 

Thank you for your kindness and for contributing to the forum.   

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".       

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

The error indicates a personal Microsoft account (live.com) is trying to access a resource in the “Microsoft Services” tenant where that account does not exist as a user. This blocks access to the Azure Support Portal extension and prevents opening support from that path.

Use these steps and alternatives based on the documented patterns:

1. Confirm the account type and tenant
   • The message shows the identity provider is live.com, which is a personal Microsoft account.
   • For admin and support actions in Microsoft Entra/Azure, a work or school (Entra ID) account in a proper tenant is required. Personal accounts are now connected to the Microsoft Services tenant without a linked directory, so they cannot administer a tenant.
2. If the goal is to administer Azure/Entra or open Azure support
   • Follow the documented guidance for personal accounts receiving tenant/Entra errors:
     • Create an Azure account that includes a new tenant, which will make that account a Global Administrator in that tenant. See the “Create an Azure account with a new tenant” solution for error AADSTS50020.
     • After the tenant exists, sign in to Azure and use that tenant to open support cases.
3. If the goal is to access the My Apps portal or other Entra-backed apps
   • Make sure the correct tenant is targeted when signing in:
     • Use https://myapplications.microsoft.com?tenantId=*your_domain_name* or https://myapplications.microsoft.com?tenant=*your_tenant_ID* if a work/school tenant exists and the account is part of it.
   • Verify the correct site address is used (https://myapps.microsoft.com or the organization’s custom URL) and that the password and verification info are valid.
4. If completely locked out as the only admin of a business tenant
   • When there is only one global admin and that admin cannot sign in, the documented path is to contact the Microsoft Data Protection team by phone so they can verify identity and help regain access.
   • For Partner/tenant admin scenarios, the guidance is to use the regional support phone numbers under “Get support - Microsoft 365 admin” or “Support for Business Products” and request transfer to the Microsoft 365 or Azure Data Protection team, depending on the product.
5. If sign-in loops or browser issues occur when trying to reach support.microsoft.com
   • Ensure microsoft.com, support.microsoft.com, login.live.com, and login.microsoftonline.com are not misconfigured in the browser’s Trusted sites list (or, if policy requires one of them, add all of them) so cookies can be shared correctly.
   • Clear browser cache, or try InPrivate mode or another browser, then attempt sign-in again.
6. If unable to reach support because of 2FA or password problems
   • For work/school accounts where self-service password reset is enabled, use the documented “Reset your work or school password using security info” flow.
   • If 2FA is lost and there is only one admin, contact the Data Protection team by phone as above; forum and portal channels cannot override these protections.

In summary, the specific AADSTS16000/AADSTS50020-style condition arises because a personal live.com account is not a user in the Microsoft Services tenant. To proceed, use or create a proper Entra tenant with a work/school account for admin and support, or contact the appropriate Microsoft support line (Data Protection team) if locked out of an existing business tenant.

---

References:

• Error AADSTS50020 - User account from identity provider does not exist in tenant
• Troubleshoot problems with the My Apps portal
• Troubleshoot sign-in issues and account access problems
• Troubleshoot sign in issues for support.microsoft.com
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• 7 Day Old Azure Account: AADSTS5000225: This tenant has been blocked due to inactivity. - Microsoft Q&A
• Error message: interaction_required: AADSTS5000225: This tenant has been blocked due to inactivity - Microsoft Q&A
• I need to speak with a real person and it seems impossible. - Microsoft Q&A
• Can not access Azure - Microsoft Q&A
• Customer Support Portal - Troubleshoot Microsoft Identity Platform login