This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 62%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Hello,
We are a government organization trying to configure the Intune Certificate Connector for use with PKCS certificates. Everything was going good until we got to the part where it asks us to sign in to Azure AD. When we go to log in to Azure AD in the cert. connector we choose the Intune for government cloud, then try to sign in with 3 different global admin accounts that have intune licenses assigned to them and they all say they're personal accounts and will not work. Then I tried to log in with my account that has Intune administrator privileges but Microsoft says it cannot find the account.
My first question, how can we go about having Microsoft see our global admin accounts as "organization" accounts as opposed to "personal" accounts. My second question, even though all of our accounts are in the Azure AD why does my account not exist according to Microsoft? I was following this doc: https://learn.microsoft.com/en-us/mem/intune/protect/certificate-connector-install and once I got to step 6. under "configure the certificate connector" we ran in to problems using any of our accounts. We made sure all of these accounts have Intune licenses and that our accounts are all synchronized from our local AD.
My manager said maybe it has something to do with our tenant not being linked to an Azure subscription because we just recently upgraded our licenses and he noticed we cannot do certain things like diagnostic logs. He also explained there may be some issues with account privileges if we do license our tenant (can anyone explain this?) but since it's been working we're not sure if the license was ever applied or just recently expired due to us upgrading our license from Office 365 to Microsoft 365 G3 GCC. Any ideas and help would be greatly appreciated!
Answer: I was using Government cloud to log in however only specific organizations are eligible for that (We are not one of them). Logging in via public commercial cloud was the fix even though we are a government organization with GCC licensing.
@Matt Chapman
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Hi,
I am assuming the upgrading of licenses might have caused this behaviour, can you provide information whether it was via third party provider or a MSP provider that upgraded the licenses for your tenant?
As the GCC licenses are government linked and there are some rules, conditions to be fulfilled before they are activated and assigned, I will suggest you connect with your license provider and clarify the process.
Note:Office 365 Government plans are available to (1) qualified government entities, including US federal, state, local, tribal, and territorial government entities, and (2) other entities (subject to validation of eligibility) who handle data subject to government regulations and requirements, where use of Office 365 Government is appropriate to meet these regulations and requirements.
Alternatively please try this support link and select the region - support
Please read this gcc
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Good morning Jimmy,
To clarify, I understood my manager wrong. He mentioned our tenant is not linked to an azure subscription so there are certain things we cannot do, would connecting a certificate connector be one of them?
We went through CDWG to upgrade our license. We've already had the government Office 365 license but now we upgraded to the Microsoft 365 license. We're not sure if the tenant Azure subscription was an issue previously because we didn't have a previous certificate connector. I posted this in the other community as well so hopefully I can get some understanding on why our admin accounts say they're personal accounts and why an intune administrator account seemingly doesn't exist according to Microsoft. Thank you for the information.
@Matt Chapman
Thank you for your detailed post and I apologize for the delayed response!
When it comes to your sign-in issues, since you've already made sure that you're using a Global Admin/Intune Admin, and the account has the Intune License assigned, can you also make sure the user account that you're logging in with is a synchronized account from your local Active Directory.For more info - Prerequisites for the Certificate Connector for Microsoft Intune
To verify if the user you're logging in with was sync'd from on-prem:
Note: You can also verify if the user is on-prem sync'd by adding the "On-premises immutable ID" column when viewing all users in your tenant.
Prerequisites for the Certificate Connector for Microsoft Intune - Azure Active Directory User
I've also added the mem-intune-general tag to this thread so their community can take a look into this issue as well.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
@JamesTran-MSFT Hello!
Thanks for the reply, I have confirmed that my intune administrator account and my it manager's global admin accounts are syncing with on-prem. I have confirmed we met all of the pre-requisites regarding connecting the certificate connector.
The problem when trying to sign in to Azure AD for my intune administrator account just claims that this microsoft account doesn't exist, when trying to log in with my IT Manager's global admin account, it claims it's a personal account and not an organization account. Could you help us figure out why it's saying my account doesn't exist, and why it says my manager's account does exist but that it's not an organization account?
Thank you for your time and support!
Matt
@Matt Chapman
Thank you for following up on this!
Would you be able to share a screenshot of the error message(s) that you're seeing so I can gain a better understanding of your issue? I've also reached out to our Intune team directly to see if they can take a look into this as well.
Since you've confirmed everything is correct, this might require our support engineers to take a closer look into your environment. If you'd like to work closer with our support engineers through a one-time free technical support request and have an active Azure Subscription, please let me know.
Thank you for your time and patience throughout this issue!
Here is a screenshot that my manager's account is receiving (Global Admin):
Here is a screenshot with the message my account receives:
@Matt Chapman
Thank you for following up on this and I apologize for the delayed response!
Since you don't have an active Azure Subscription ID, I won't be able to enable your subscription for a one-time free technical support request. However, I spoke to our Intune team and since your issue requires more troubleshooting, they recommend that you create an Intune support request using our How to get support in Microsoft Endpoint Manager admin center documentation.
If you have any other questions, please let me know.
Thank again you for your time and patience throughout this issue.