Some customers of ours are using external Microsoft accounts to access AAD services.
Since we're not linked with their domain, and some of them use Gmail account, adding their entire domain to our AAD is hardly possible.
The old portal (manage.windowsazure.com) had the following screen:
The new portal has a guest system which hardly works (adding an external guest results in a generic B2BError: Unable to invite user with no other details -- even if the old portal still works), and "New user" can only create users with registered domains.
Is there a way, in the new portal (portal.azure.com), to add Microsoft accounts?
I'm asking this now, since this is technically a duplicate of How do I add a Microsoft account to Azure Active Directory?, because the old portal is sunsetting on November 30, 2017, at which point working like this will no longer be possible.
Running New-AzureADMSInvitation helped me to get it working, with some more steps for our own setup:
Executed New-AzureADMSInvitation -InvitedUserEmailAddress account-to-invite#gmail.com -SendInvitationMessage $True -InviteRedirectUrl "http://mybusiness.com"
New-AzureADMSInvitation failed with an error, but one I could understand this time: The object either is sourced from an on prem directory or is undergoing migration
Went to check our on-prem AD if it had a user with the affected e-mail. It did not. Huh.
Ran a complete AD Sync cycle, just in case, on our on-prem AD with Start-ADSyncSyncCycle -PolicyType Initial
Waited until (Get-ADSyncScheduler).SyncCycleInProgress went back to False
Reexecuted New-AzureADMSInvitation, which worked this time.
Related
My team already has a working Azure DevOps account. I would like to start an Azure subscription / Active Directory to begin linking our DevOps to App Services and other Azure products.
However, any time I click on a link to get started with Azure, I am met with a perplexing paradox trying to log in.
First I'm told that I can't log in because my MS account isn't found:
But if I try to "Create one!" or "get a new Microsoft account", I'm told it already exists:
I've taken out the email address being used, but I've confirmed they are the same between the two screens (I'm not even typing anything; all I'm doing is clicking "Next" on each screen).
I know that this MS account is valid. It's the same one I use to sign in with Azure DevOps and many other MS services. I'm not sure why I can't log in to the Azure set up platform. And there doesn't seem to be any kind of support options with Azure before you become a subscriber, so I thought I'd try my luck posting the issue here.
Thanks for any help!
You can connect your Azure DevOps organization to Azure Active Directory (Azure AD). Kindly checkout this document - About accessing your organization via Azure AD
Just to clarify, I hope you are an administrator on the subscription.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
When your sign-in address is shared by your personal Microsoft account and by your work account or school account, but your selected identity doesn't have access, you can't sign in. Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions.
Sign out completely from Azure DevOps by completing the following steps.
Closing your browser might not sign you out completely.
Sign in again and select your other identity.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
To connect your organization to Azure AD.
Sign in to your organization, https://dev.azure.com/{yourorganization}).
Select gear icon > Organization settings.
Select Azure Active Directory, and then select Connect directory.
This problem may stem from the dependency on MS accounts for MSDN instead of work accounts, but maybe some one has found a solution?
I use the same email address for both my MS and Work Accounts.
Our Company Subscriptions seems to be linked to our MS Accounts, as does our VSTS accounts. I can sign into Azure Portals using both MS and Work Account. I want to be able to deploy do our company subscription from VSTS.
When I sign into Azure, using my work account, I can see our Azure AD. I am a global admin and can make changes, etc. This is not visible when I sign in using the MS account. It tells me I don't not have access, which I can understand.
In VSTS, I have linked my MS Account to my work account. But I cant access some of the projects # {whatever}.visualstudio.com VSTS sites with my work account, I must use my MS account.
The main problem is when I try to set up a build and deploy from VSTS into the Company Azure Subscription. To achieve this I need to set up a Service Endpoitn to ARM in Azure. So I go ahead and try to do that.
It fails as it says that the account does not have the sufficient privileges needed in Azure Active Directory. Remember, AAD is only accessible when I log into my work account in the azure portal.
One last point, AAD would see my MS account as a guest account, so I thought 'hey, I will add that account to AAD as a guest and assign privileges necessary to perform the tasks I need'. But because the same email address was used for both my MS account and work account, it tells me when I try to add the guest account, that it already exists.
Is there any way around this problem? How can I associate/move all VSTS subscriptions to my work account?
When the VSTS identity you are using does not have access to the Azure subscription your trying to deploy to, the best way to do this is to create your service endpoint manually.
The steps are [here][1]. See the Azure Resource Manager service endpoint -> Manual subscription definition section. It has a few more steps, but once you create that, just use that service endpoint in your build or release definitions & your good to go.
I am unable to view any services in my azure portal. A couple of days back everything was visible.
I think there's some permissions issue. I am logging as Global Admin on the portal.
[UPDATE]: I was trying to publish a web application from visual studio to my azure account and when I select my account, it says "There are no Azure subscriptions associated with this account". Is it that my account is suspended or deactivated or so?
You are signed in to the classic portal with an AAD subscription. These subscriptions don't support using other services. You might be signed in to the wrong directory. Use the "Subscriptions" menu at the top to switch. If you don't have that, you could also be signed in to the wrong account. Some people have used "work/school" (AAD) email addresses to sign up for a "personal" (Microsoft Account) account. If that happens, you'll see a prompt to pick one of the two when you sign in. If you don't see your subscription, it may be assigned to the personal/MSA account. You can grant access to the other one to avoid this.
I cancelled my "Pay-as-you-go" account that used to host my windows azure website. today I looked on google however, and it decided to index the azure site (builtagroup.azurewebsites.net). I want to re-enable my account and put a permanent redirect on the site until google removes it, but it's not letting me. When I try to re-enable it, it just makes me create a new account, but does not let me have access to my old site. Any suggestions?
I don't think there is any current provision to re-enable cancelled account. You might have to open Billing Support ticket with Windows Azure Team and which is free.
Support for billing and subscription management issues are covered
with your Windows Azure subscription at no additional charge, and you
don’t need to have a Windows Azure Support plan to raise these issues.
To submit an incident, go to the Windows Azure Support site and click
on Get Support
.
I joined to Windows Azure Active Directory beta trial when http://activedirectory.windowsazure.com was initially launched.
At initial process, site forced me to use a new LIVE account instead of the one I already have which is myname#live.com and also controls all my Azure services. Anyway, I did create a new one as myname#mycompany.com
Next, I did be able to create the active directory domain as mycompany#onmicrosoft.com and added my mycompany.com domain as secondary domain.
While ago, Active Directory tab appeared in Azure control panel and it came empty. So I assumed it needs to be link somehow but couldn't find anything about it.
After that, I tried to create a new domain but when I type mycompany into the name field of the create a directory page, it says "This domain is not unique" which is predictable since other live account holds the name.
Tried to delete entire account but didn't work. Also in here says :
"The original contoso.onmicrosoft.com domain name that was provided for your tenant when you signed up cannot be removed from your tenant."
Since I'm the owner of the both account, I would like to move (or re-create etc.) mycompany#onmicrosoft.com under my actual Azure account which is myname#live.com.
Please advise. Thank you!
I didn't realize you had an existing subscription you were looking to work wit. So what you are seeing is expected behavior as there is no subscription associated with your Azure AD account.
We are propping an update this weekend and Monday that will help you here. On Tuesday morning, do the following:
Log into Azure using your Azure AD account.
It will tell you that you have no subscription - set up a 90 day trial subscription - you will not be charged anything for this.
Click onto Active Directory tab in the Azure Portal.
Add a new user - and select to add a user with a Microsoft Account - specify the account that is the administrator of your Windows Azure subscription and make them a "global administrator".
Log off
Log in to Azure portal using the same Microsoft Account that you just added.
Go into Settings.
Click on administrators tab
Select your Azure Subscription
Click "add" in the tray at the bottom
Now add the Azure AD user account you would like to have be a co-admin on your Azure subscription.
That should do it. Now when you log in using your Windows Azure Account you'll be able to administer your Azure subscription.
Just a reminder - try this on Tuesday morning! We will have the update propped by then.
You can make this work though by creating a new 90 trial subscription - you do this on the page where you are being told there are no subscriptions associated with your account.
You need to log into Azure using your myname#mycompany.com account (the Windows Azure Active directory account you created).
To do that, go to the Azure Management portal - if you are already logged in using a Microsoft Account (formerly LiveID) you will need to log-out first - Then the left hand side of the login page you should see a link that says "Office 365 users: Sign in using your organizational account".
Click on that link, and now log into the Azure portal using your Azure AD Account (myname#mycompany.com). Once you do that, you should see your Windows Azure AD tenant in the Active Directory tab in the portal.