Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
I tried all of these already I need an escalation
Personal Microsoft Account Stuck in Ghost Azure AD Tenant
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 48%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
molayos shre
0
Reputation points
My personal Microsoft account is stuck in a ghost Azure AD tenant from a former employer. I cannot access the Organizations page or Azure Portal to leave the directory.
I receive errors such as:
“You can’t sign in here with a personal account”
AADSTS50058 silent sign-in failure
Directory blades returning 404
Forced work-account login loops
This is an MSA/AAD account collision.
Need help to remove the shadow work identity associated with my personal Microsoft account so it is no longer bound to the old Azure AD tenant.
{
"sessionId": "09506c045dd140258caf5db49db56247",
"errors": [
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
},
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
},
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
},
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
},
{
"errorMessage": "interaction_required: AADSTS16000: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'e6694c91-1590-4e35-9bb7-b865c638b9c1'(Microsoft_Azure_SupportPortalExtension) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: 2fa96e88-f177-4dd4-b54b-e020d8720400 Correlation ID: dd0d52fb-36a6-4fac-86fb-48941daaa113 Timestamp: 2026-06-04 21:15:08Z",
"clientId": "e6694c91-1590-4e35-9bb7-b865c638b9c1",
"scopes": [
"959678cf-d004-4c22-82a6-d2ce549a58b8/.default"
]
}
]
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rukmini 41,995 Reputation points Microsoft External Staff Moderator2026-06-04T21:39:30.89+00:00 Hello @molayos shre
Based on your description, it appears that you have created a Microsoft personal account, not an Azure work or school account. This is why you’re encountering errors when trying to access the Azure Portal.
Issue: When users try to login to Azure portal using their personal Microsoft Account (Outlook, Hotmail..) they are getting AADSTS160021 or AADSTS16000 or AADSTS50020 errors.
Reason: When signing in to the Azure portal with a personal Microsoft account, you are automatically connected to the Microsoft Services tenant (Tenant ID:
f8cdef31-a31e-4b4a-93e4-5f571e91255a).You can verify this by navigating to Microsoft Entra ID > Overview, where you’ll see this Tenant ID.
This default tenant does not have a directory associated with it, which you can confirm by going to the Settings blade. As a result, you cannot perform administrative actions such as:
- Creating users or groups
- Registering enterprise applications
- Managing resources
In short, it’s a system tenant with restricted capabilities, and administrative access is not granted by default.
Solution: To fully utilize the Azure portal, you need to create your own tenant instead of relying on the Microsoft Services tenant.
Follow these steps:
- Open an in-private/incognito browser window (to avoid automatic sign-in via SSO).
- Navigate to https://azure.microsoft.com/en-us/free/ to sign up for a free Azure account.
- During the setup, you’ll be prompted to create a new directory (tenant). Once completed, you will become the Global Administrator of this new tenant, giving you full access to manage Azure resources.
Let me know if you need help with the sign-up process or configuring your new tenant.
If you already have an existing tenant and still unable login, please share your email address over private message which used to login into Azure Portal.
Sign in to comment
2 answers
Sort by: Most helpful
-
AI answer
2026-06-04T21:26:42.81+00:00 The errors indicate a collision between a personal Microsoft account (MSA from
live.com) and work/school identities, plus cached sign-ins that keep trying to use the wrong identity and tenant.From the provided context, only the following supported actions are available:
- Clear cached sign-ins and force re‑selection of identity
- Fully sign out of Azure DevOps / Microsoft identity:
- Close all browser windows.
- Open a new InPrivate/Incognito window.
- Browse to
https://aka.ms/vssignout. - Wait for the “Sign out in progress” page to complete and redirect.
- Then sign in again and, when prompted, explicitly choose the other identity type (if previously using “Work or school account”, choose “Personal Microsoft account”, or vice versa). This addresses the case where the same sign‑in address exists as both an MSA and a work/school account and the wrong one is being used.
- Fully sign out of Azure DevOps / Microsoft identity:
- Understand and respect the separation between MSA and work/school accounts
- Personal Microsoft accounts and work/school accounts are separate and not synchronized. If the sign‑in page detects that the entered address is associated with a work/school account for a given service, it will only allow sign‑in to that service with the appropriate account type. If the selected identity does not have access, sign‑in fails even if the email address string is the same.
- When a domain is configured in Microsoft Entra ID (for example, by a former employer), new personal Microsoft accounts cannot be created using that work/school email address. Existing collisions (same address used for both MSA and Entra ID) are a known source of confusion.
- If the issue is with signing in to a specific portal (My Apps / My Account)
- For work or school account access to My Apps, verify the correct tenant URL is used and that the account is indeed a work/school account. If a personal Microsoft account is used, and the portal expects a work/school account, sign‑in will fail.
- If the problem is specifically with a personal Microsoft account sign‑in (MSA), use the Microsoft account sign‑in helper and general MSA sign‑in troubleshooting guidance.
- If the account is a personal Microsoft account and tenant/organization membership is blocking actions (like closing the account)
- The context shows similar cases where a personal Microsoft account appears to be tied to an organization/tenant but the user cannot see or leave it. In those cases, resolution required working with the appropriate Microsoft support channel for personal accounts (for example, Outlook / Microsoft account support), not Azure support.
- For issues involving hacked or blocked personal accounts, or where tenant membership cannot be self‑managed, the recommended path is to:
- Use the official Microsoft account recovery and sign‑in helper tools.
- If those do not resolve the issue, contact Microsoft Support via the consumer support channel (for Outlook/Microsoft account) and clearly describe that the personal Microsoft account is blocked by an organization/tenant link that cannot be managed from the user side.
- If the sign‑in address exists as both MSA and work/school account
- When signing into services that support both account types, always choose the correct identity type on the picker dialog.
- If one identity type does not have access to a given service (for example, Azure DevOps organization, Azure portal, or a specific tenant), sign out fully and retry with the other identity as described in step 1.
Because the context does not provide a self‑service method to remove a “shadow” or “ghost” work identity from a personal Microsoft account or to force a tenant unlink, the only supported remediation path in such collision/ghost‑tenant scenarios is:
- Clear cached sign‑ins and explicitly choose the correct identity type, and
- Escalate through the appropriate Microsoft consumer account support channel (Outlook/Microsoft account) when tenant linkage cannot be managed by the user.
References:
- Organization FAQs
- What's the difference between a Microsoft account and a work or school account?
- Troubleshooting suggestions for signing in to Visual Studio subscriptions
- Troubleshoot problems with the My Apps portal
- I can't sign in to my Microsoft account
- Manage organizations for a work or school account in the My Account portal
- Personal Microsoft account cannot be closed due to organization link (Error AADSTS5000225) - Microsoft Q&A
- Struggling to delete my personal Microsoft account - Microsoft Q&A
- I have no other Azure AD account, I cannot add myself as an external user from within the tenant. - Microsoft Q&A
- How do I send an email to Microsoft about my account being hacked and taken over by <removed> ? - Microsoft Q&A
- My account got hacked. - Microsoft Q&A
- Services Hub sign in FAQs
AI-generated content may be incorrect. Read our transparency notes for more information. - Clear cached sign-ins and force re‑selection of identity