Azure B2C Multi-Tenant SSO: Microsoft work or school account

Anonymous
2020-09-10T16:34:14.637+00:00

I have an Azure B2C instance configured to manage authentication for my web service. When I try to add an identity provider using a Microsoft account following these instructions https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account, it will only allow the user to use a personal account to sign in. I would like for the user to be able to use a work or school account to sign in as well.

I have tried these instructions for multi-tenant https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant-custom?tabs=app-reg-ga. But when I try to create the custom IDP, I get the following error message:

"The Metadata Endpoint 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration' is not an allowed endpoint."

I just want to be able to let the user choose any Microsoft account to log in, similar to how I signed up for learn.microsoft.com, where it let me choose from personal or my work accounts.


2 answers

  1. Michael Washington 911 Reputation points MVP
    2020-09-14T04:40:14.913+00:00

    It is a lot of careful steps and configuration, but it does work:

    To use Custom Policies, the first step is to complete all the steps described here:

    Get started with custom policies - Azure AD B2C | Microsoft Learn

    Then complete the steps described here:

    Set up sign-in for multi-tenant Azure AD by custom policies - Azure AD B2C | Microsoft Learn

    I detailed my experience in this Blog post:

    Blazor Multi-Tenant Azure B2C

    2 people found this answer helpful.

  2. 2020-09-10T22:30:36.897+00:00

    User flows do not support multi-tenant Azure AD identity providers. You might try with custom policies but choosing Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) instead of Accounts in any organizational directory (Any Azure AD directory - Multitenant) in step 6 of Register an application.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.
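The custom-policy route both answers point to comes down to an OpenID Connect technical profile for the multi-tenant Azure AD app registration. The fragment below is an added example of that profile as it would sit in TrustFrameworkExtensions.xml, not code from either answer or from the linked blog post; the client_id, the key container name and the tenantId claim type (assumed to be declared in the ClaimsSchema) are placeholders.

```xml
<!-- Added example: OpenID Connect technical profile for a multi-tenant Azure AD IdP in an
     Azure AD B2C custom policy. Placeholders: client_id, the key container name and the
     tenantId claim type (assumed to be declared in the ClaimsSchema). -->
<ClaimsProvider>
  <Domain>commonaad</Domain>
  <DisplayName>Work or school account (multi-tenant)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AADCommon-OpenIdConnect">
      <DisplayName>Work or school account</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- 'organizations' rather than 'common': metadata endpoint for work/school accounts. -->
        <Item Key="METADATA">https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration</Item>
        <!-- Application (client) ID of the multi-tenant app registration (placeholder). -->
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <Item Key="response_types">code</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <!-- Tokens from each tenant name that tenant as issuer, so metadata is resolved
             per issuer, but only for issuers under the listed prefix. To admit only
             specific tenants, list comma-separated prefixes of the form
             https://login.microsoftonline.com/{tenant-id} instead of the bare host. -->
        <Item Key="DiscoverMetadataByTokenIssuer">true</Item>
        <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Client secret held in a B2C policy key container (name is a placeholder). -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_AADAppSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <!-- Keep tid: authorization downstream should check which tenant the user came
             from, not merely that some Azure AD tenant authenticated them. -->
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

The profile still has to be referenced from a user journey and the relying-party policy, as the linked Microsoft Learn article describes; the allowed-issuer prefix is the setting to tighten if only certain tenants' users should be accepted.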