Azure SQL Database
An Azure relational database service.
5,773 questions
How to fix "Selected user account does not exist in tenant 'Microsoft Services'" when using Microsoft Entra to access Azure SQL Server?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 53%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Ryan M
0
Reputation points
I'm encountering the following error when trying to access my Azure SQL Server using Microsoft Entra:
Selected user account does not exist in tenant 'Microsoft Services' and cannot access the application '04b07795-8ddb-461a-bbee-02f9e1bf7b46' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
The process I've followed looks like this:
- I create an Azure SQL Server with Microsoft Entra Authentication Only selected.
- I set myself as the Microsoft Entra Admin.
- I wait for the database server and database instance to initialize.
- I run a Python script on my machine that accesses the new Azure SQL database, creates some tables and imports data from a local database. On this step, the Azure login page appears and I select my account to log in with. The error above is displayed.
I've looked in "Manage Tenants" in Microsoft Entra ID, but the Microsoft Services tenant doesn't appear. I have no idea how to fix this issue.
{count} votes
-
Deepanshukatara-6769 10,455 Reputation points2024-11-07T17:47:15.7333333+00:00 Hello Ryan, Welcome to MS Q&A
To resolve the error 'Selected user account does not exist in tenant' when accessing Azure SQL Server using Microsoft Entra, ensure that the user account you are trying to use is correctly configured in the Azure Active Directory (AAD) tenant associated with your Azure SQL Server.
Here are some steps you can follow:
- Verify User Existence: Confirm that the user account exists in the Azure AD tenant. You can check this in the Azure portal under Azure Active Directory > Users.
- Check Tenant Configuration: Ensure that the Azure SQL Server is associated with the correct Azure AD tenant where the user account is registered.
- Service Principal Authentication: If you are using a service principal, ensure that it is correctly set up and has the necessary permissions to access the Azure SQL Database.
- Conditional Access Policies: Review any Conditional Access policies that may be preventing the user from authenticating. Adjust these policies if necessary to allow access.
- Role Assignments: Make sure that the user has been assigned the appropriate roles in Azure SQL Database to perform the actions you are attempting.
If you continue to face issues, consider looking into the specific error messages returned by Azure SQL, as they can provide further insights into what might be wrong.
References:
- Microsoft Entra service principals with Azure SQL
- Configure and manage Microsoft Entra authentication with Azure SQL
Kindly check and let us know if any further questions
Thanks
Deepanshu
-
Deepanshukatara-6769 10,455 Reputation points
2024-11-08T06:28:48.49+00:00 Following up to see if the provided answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
-
Ryan M 0 Reputation points
2024-11-08T19:45:00.23+00:00 Hi Deepanshu, thank you for your reply.
The tenant in question, called "Microsoft Services', is not a tenant under my control. I'm not sure what it is. I only see one tenant in my Microsoft Entra and that is the Default Directory. My user account does exist in this tenant, but that's not the tenant it's looking in for some reason.
I have no conditional access policies in the database, and as far as role assignments go, I am the owner.
I've been unable to find instructions on how you can associate an SQL server with a specific tenant. Can you help me with that? Thank you!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju 8,095 Reputation points Microsoft Vendor2024-11-11T13:23:44.5733333+00:00 Hello @Ryan M,
Thank you for posting your query on Microsoft Q&A.
Typically, "Microsoft Services" appears when you're using a personal account (such as Gmail, Hotmail, or MSN) to authenticate to Azure resources, where your users may have been added as guest accounts in the tenant.
Could you please confirm whether you're using a personal account or a work/school account to authenticate with Azure SQL Server?
If you're using a personal account, try directing the authentication to your tenant by modifying the token URL in your Python script to:
https://login.microsoftonline.com/<Replace your tenant_ID>.Please check these steps, and let me know if the issue persists.
Additionally, if the affected users try to log into the Azure Portal or Office portal, do they encounter the same error message?
Thanks,
Raja Pothuraju. -
Raja Pothuraju 8,095 Reputation points Microsoft Vendor
2024-11-12T12:52:04.81+00:00 Hello @Ryan M,
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Sign in to comment
Sign in to answer