![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 24%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
The error indicates that the account ******@my-vpa.com, which is backed by the live.com identity provider (a personal Microsoft account), does not exist as a user in the Microsoft Services tenant and therefore cannot access the Microsoft 365 Copilot application in that tenant.
Based on the provided context, the relevant causes and actions are:
- The account is not in the tenant that owns the app
- The error text explicitly states that the user account from identity provider
live.comdoes not exist in tenantMicrosoft Servicesand cannot access the application. - To use this tenant’s application, the account must be added as an external (guest) user in that tenant.
- If there is an administrator for the
Microsoft Servicestenant, that administrator must invite thislive.comaccount as a guest user following the steps in “Quickstart: Add guest users to your directory in the Azure portal”.
- The error text explicitly states that the user account from identity provider
- Possible wrong tenant/session
- The error can also occur if signed in to the wrong tenant or with the wrong account session.
- Sign out from all active sessions and then sign in again, preferably using a different browser or an in-private/incognito session, and ensure the correct Microsoft Entra ID tenant and account are used.
- Personal account vs. tenant account
- The message shows
identity provider 'live.com', which is a personal Microsoft account. If Microsoft 365 Copilot in this scenario is intended only for organizational (work/school) accounts in a specific tenant, a personallive.comaccount will not work unless explicitly added as a guest.
- The message shows
- Universal Print–style guidance (same error pattern)
- Similar guidance for Universal Print with the same error code states that the credentials must be an account in the Microsoft Entra ID tenant that is using the service. By analogy, to use Microsoft 365 Copilot in this tenant, sign in with an account that belongs to that tenant (or a guest account that has been properly invited).
Summary of what must happen:
- Either:
- Use a Microsoft Entra ID account that actually exists in the
Microsoft Servicestenant and has access to Microsoft 365 Copilot.
- Use a Microsoft Entra ID account that actually exists in the
- Or:
- Have the tenant administrator invite
******@my-vpa.comas a guest user to that tenant, redeem the invitation, then sign out and sign back in (preferably via a private browser session) with that invited account.
- Have the tenant administrator invite
References: