Share via

Azure portal: Experiencing authentication issues

Robert Elliot 0 Reputation points
2025-02-17T12:53:00.1133333+00:00

After I login I get this over and over again. Signing out and in again does not help.

I've literally just signed up for the first time trying to use Azure to trial installing our Kubernetes helm chart into an Azure Kubernetes cluster.

There is no other Azure Active Directory user account.

May be related to trying to signup for the Azure Free Trial, which failed because it simply would not allow me to get a text message. Perhaps it has left my account in some broken half way state?

Experiencing authentication issues

The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token: Extension: Microsoft_Azure_Support Resource: self Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_Azure_Support' because the user account is not a member of tenant 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'. Error details: invalid_grant: 50020 - [2025-02-17 12:43:16Z]: AADSTS50020: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 319062a5-af20-41d7-9615-b05fbd2d0100 Correlation ID: d49e5c19-8f39-42f1-a297-9d6a5bd9aa39 Timestamp: 2025-02-17 12:43:16Z - Correlation ID: d49e5c19-8f39-42f1-a297-9d6a5bd9aa39 - Trace ID: 319062a5-af20-41d7-9615-b05fbd2d0100

Experiencing authentication issues

Additional information from the call to get a token: Extension: Microsoft_Azure_Billing Resource: graph Details: interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '631d36ba-ddbd-4e88-807a-b8cd54f9b390'(Microsoft_Azure_Billing) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 7cd09c37-6df7-4475-a3c6-81a91cd3d900 Correlation ID: 330a60c5-81d7-4e81-ae68-8643079357b4 Timestamp: 2025-02-17 12:42:20Z

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,337 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akhilesh Vallamkonda 12,020 Reputation points Microsoft Vendor
    2025-02-18T06:05:21.4633333+00:00

    Hi @Robert Elliot

    Thank you for reaching Microsoft Q&A Forum!

    When you are trying to login to Azure portal using their personal Microsoft Account (Outlook, Hotmail..) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors.

    Error AADSTS16000 is thrown when the user not found in the tenant used for authentication. In your case, this error usually occurs when you sign in to Azure Portal using your personal account which is not the part of the tenant or not added as an external/guest user to an Azure AD tenant. Due to this, you by default get connected to the Microsoft Services tenant.

    Reason: Whenever you sign in Azure portal using Microsoft Personal Account you by default get connected to the Microsoft Services tenant.

    If you are connected to the Microsoft Services tenant as a standard user with restricted access, you cannot perform actions such as creating new users, groups, enterprise applications, and installing Kubernetes. To perform administrative actions, you must have administrative access to the tenant.

    Solution: You need to create your own tenant rather than using the Microsoft Services tenant.
    You get one with an Azure free trial
    When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant.

    In some cases, the user might already have an active session that uses a different personal account than the one that's intended to be used. Or they have a session that uses their organization account although they intended to use a personal guest account (or vice versa).
    In that scenario, try signing in to the Azure Portal trough a tenant-specific URL using the following format:

    https://portal.azure.com/<tenant domain name>

    Eg.

    https://portal.azure.com/constoso.onmicrosoft.com

    Hope this helps. Do let us know if you any further queries by responding in the comments section.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.