Share via

How to fix "Selected user account does not exist in tenant 'Microsoft Services'" when using Microsoft Entra to access Azure SQL Server?

Ryan M 0 Reputation points
2024-11-07T16:49:33.31+00:00

I'm encountering the following error when trying to access my Azure SQL Server using Microsoft Entra:

Selected user account does not exist in tenant 'Microsoft Services' and cannot access the application '04b07795-8ddb-461a-bbee-02f9e1bf7b46' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

The process I've followed looks like this:

  1. I create an Azure SQL Server with Microsoft Entra Authentication Only selected.
  2. I set myself as the Microsoft Entra Admin.
  3. I wait for the database server and database instance to initialize.
  4. I run a Python script on my machine that accesses the new Azure SQL database, creates some tables and imports data from a local database. On this step, the Azure login page appears and I select my account to log in with. The error above is displayed.

I've looked in "Manage Tenants" in Microsoft Entra ID, but the Microsoft Services tenant doesn't appear. I have no idea how to fix this issue.

Azure SQL Database
Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 46,350 Reputation points Microsoft External Staff Moderator
    2024-11-11T13:23:44.5733333+00:00

    Hello @Ryan M,

    Thank you for posting your query on Microsoft Q&A.

    Typically, "Microsoft Services" appears when you're using a personal account (such as Gmail, Hotmail, or MSN) to authenticate to Azure resources, where your users may have been added as guest accounts in the tenant.

    Could you please confirm whether you're using a personal account or a work/school account to authenticate with Azure SQL Server?

    If you're using a personal account, try directing the authentication to your tenant by modifying the token URL in your Python script to: https://login.microsoftonline.com/<Replace your tenant_ID>.

    Please check these steps, and let me know if the issue persists.

    Additionally, if the affected users try to log into the Azure Portal or Office portal, do they encounter the same error message?

    Thanks,
    Raja Pothuraju.

    0 comments
  2. Deepanshu katara 18,145 Reputation points MVP Volunteer Moderator
    2024-11-07T17:47:15.7333333+00:00

    Hello Ryan, Welcome to MS Q&A

    To resolve the error 'Selected user account does not exist in tenant' when accessing Azure SQL Server using Microsoft Entra, ensure that the user account you are trying to use is correctly configured in the Azure Active Directory (AAD) tenant associated with your Azure SQL Server.

    Here are some steps you can follow:

    1. Verify User Existence: Confirm that the user account exists in the Azure AD tenant. You can check this in the Azure portal under Azure Active Directory > Users.
    2. Check Tenant Configuration: Ensure that the Azure SQL Server is associated with the correct Azure AD tenant where the user account is registered.
    3. Service Principal Authentication: If you are using a service principal, ensure that it is correctly set up and has the necessary permissions to access the Azure SQL Database.
    4. Conditional Access Policies: Review any Conditional Access policies that may be preventing the user from authenticating. Adjust these policies if necessary to allow access.
    5. Role Assignments: Make sure that the user has been assigned the appropriate roles in Azure SQL Database to perform the actions you are attempting.

    If you continue to face issues, consider looking into the specific error messages returned by Azure SQL, as they can provide further insights into what might be wrong.

    References:

    Kindly check and let us know if any further questions

    Thanks

    Deepanshu

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.