Share via

The portal encountered an issue while attemding to retrieve access token.

Marion Langlet 0 Reputation points
2025-01-28T14:31:53.9433333+00:00

I can't do anything on my azure account, I have this error message below. I try to sign up to another subscription like "pay as you go" but it fails verfying my phone (which is correct).

It's for my personnal use so I don't have an another account to connect with.

But I don't know if it's related but my personnal account is linked to my former school account and my work account.

{
  "sessionId": "##",
  "errors": [
    {
      "errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '##;(ADIbizaUX) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: ## Correlation ID: ## Timestamp: 2025-01-28 14:22:30Z",
      "clientId": "##",
      "scopes": [
        "##/.default"
      ]
    }
  ]
}
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,059 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Goutam Pratti 1,475 Reputation points Microsoft Vendor
    2025-01-28T20:06:08.41+00:00

    Hello @Marion Langlet ,

    Thank you for reaching out Microsoft Q&A.

    I Understand you can't do anything on your azure account while encountering AADSTS16000.

    Whenever you sign in Azure portal using Microsoft Personal Account (Outlook, Hotmail...) you by default get connected to the Microsoft Services tenant (Example: d6cdef31-a31e-4c4a-93e4-0f571a91255b). 

    You can also confirm this by navigating to Microsoft Entra ID > Overview blade and you can see Example: d6cdef31-a31e-4c4a-93e4-0f571a91255b as Tenant ID. 

    In this default tenant, you do not have any directory associated with it which you can confirm by navigating to settings. 

    As this is a standard tenant without any directory associated, you cannot perform actions such as creating new users, groups, enterprise applications, and so on. To perform administrative actions, you must have administrative access to the tenant. 

    Solution: For this purpose, you need to create your own tenant rather than using the Microsoft Services (Example: d6cdef31-a31e-4c4a-93e4-0f571a91255b) tenant. 

    To create a new tenant, open in-private/incognito browser window (just to avoid SSO), access https://azure.microsoft.com/en-us/free/ to create a free Azure account. 

    When you create a new tenant, you by default become the Global Administrator of the new tenant and have full access to all the options in that tenant. 

    If you still want to access Entra portal using your personal Microsoft account only, you can invite that user as a guest user as mentioned here : https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator#add-guest-users-to-the-directory and assign the Global Administrator role to proceed further with the account. 

    Once you are added to an azure tenant and you accept the invite sent to you via email, you can use https://portal.azure.com/#create/Microsoft.AzureActiveDirectory URL to create your own tenant as well. 

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Regards,
    Goutam Pratti.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.