Symptoms:
- You sign in to your Azure subscription with a Live account.
- You need to do something that requires Azure Active Directory (for example, continuous deployment with VSTS).
- When you try to access your Azure Active Directory, you get an “Access denied” error… what? Access denied from my OWN subscription?
Diagnostic:
What happens is this: when you log in with a Live account for the first time, Azure adds your user to the default Active Directory with user type “Guest”.
What you need to do is give this user userType=Member.
But guess what? You cannot do that from the Azure Portal; you need to do it from Azure PowerShell.
Solution:
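So to fix this, open a PowerShell console with the MSOnline module installed (the Msol cmdlets below authenticate through Connect-MsolService, not Login-AzureRmAccount), and type:
Connect-MsolService
Enter your credentials. Then you need to find the “UserPrincipalName” of the user you are trying to give access to. For that, type: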
Get-MsolUser
The result should be a list of users. Look for the user you need; it should look something like:
whateveraccount.com#EXT#@whateverdirectory.onmicrosoft.com
After this, you are ready for the magic:
Set-MsolUser -UserPrincipalName 'whateveraccount.com#EXT#@whateverdirectory.onmicrosoft.com' -UserType Member
And voilà.
My subscription needed a while to replicate this change against the Azure servers, so you should be patient 🙂
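
The same fix with guard rails, as an added example that is not part of the original post: it lists the external guests for review, changes only the named account if it is still a Guest, and reads the result back. It assumes the MSOnline module is installed and Connect-MsolService has already been run; Set-GuestUserTypeToMember is a hypothetical helper name and the UPN is the post's placeholder.

```powershell
# Added example, not from the original post. Assumes the MSOnline module is
# installed and Connect-MsolService has been run by a directory administrator.
# Set-GuestUserTypeToMember is a hypothetical helper name.
function Set-GuestUserTypeToMember {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string] $UserPrincipalName
    )

    # Fail loudly if the UPN does not resolve to a directory user.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Idempotent: nothing to change if the account is not a Guest.
    if ($user.UserType -ne 'Guest') {
        Write-Verbose "$($user.UserPrincipalName) is already '$($user.UserType)'; no change made."
        return $user | Select-Object UserPrincipalName, DisplayName, UserType
    }

    # Member carries broader default directory permissions than Guest,
    # so ask for confirmation (or honour -WhatIf) before changing it.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Change UserType from Guest to Member')) {
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName -UserType Member -ErrorAction Stop
    }

    # Re-read the object so the caller sees what the directory now reports.
    Get-MsolUser -UserPrincipalName $user.UserPrincipalName |
        Select-Object UserPrincipalName, DisplayName, UserType
}

# Review the external (#EXT#) guests first, so only the intended account is changed.
Get-MsolUser -All |
    Where-Object { $_.UserType -eq 'Guest' -and $_.UserPrincipalName -like '*#EXT#@*' } |
    Select-Object UserPrincipalName, DisplayName, UserType

# Placeholder UPN from the post; quoted so the '#' characters stay part of the string.
# -WhatIf shows what would change; drop it to apply the change (you will be prompted).
Set-GuestUserTypeToMember -UserPrincipalName 'whateveraccount.com#EXT#@whateverdirectory.onmicrosoft.com' -WhatIf
```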