- you are using a Live account to enter into your Azure subscription
- you need to do something that makes you need to use Azure Active Directory (for example, continuous deployment with VSTS)
- when you try to access your Azure Active Directory, you get an “Access denied” error… what? access denied from my OWN subscription?
What happen is this: when you log in with a Live account for the first time, Azure added your user as of type “Guest” in the default Active Diretoctory.
And what you need to do, is to give these user a userType=member.
But guess what? You can not do that from the Azure Portal, you need to do it from Azure Powershell.
So to fix this, open a powershell console, and type:
enter your credentials. Then, you need to find what is the “UserPrincipalName” of the user that you are trying to add access. For that, type:
The result should be a list of users. Look for the needed user, should be something like:
After this, you are ready for the magic:
Set-MsolUser -UserPrincipalName whateveraccount.com#EXTfirstname.lastname@example.org -UserType Member
My subscription needed a while to replicate this change against the Azure servers, so you should be patient 🙂