Azure Active Directory – Solving “Access denied” issue

Gabriel Pineiro
2018-08-14T14:51:37-03:00By |
June 19, 2017


  •  you are using a Live account to enter into your Azure subscription
  •  you need to do something that makes you need to use Azure Active Directory (for example, continuous deployment with VSTS)
  • when you try to access your Azure Active Directory, you get an “Access denied” error… what? access denied from my OWN subscription?


What happen is this: when you log in with a Live account for the first time, Azure added your user as of type “Guest” in the default Active Diretoctory.

And what you need to do, is to give these user a userType=member.

But guess what? You can not do that from the Azure Portal, you need to do it from Azure Powershell.


So to fix this, open a powershell console, and type:


enter your credentials. Then, you need to find what is the “UserPrincipalName” of the user that you are trying to add access. For that, type:


The result should be a list of users. Look for the needed user, should be something like:

After this, you are ready for the magic:

Set-MsolUser -UserPrincipalName -UserType Member

And violà.

My subscription needed a while to replicate this change against the Azure servers, so you should be patient 🙂