Share via

Unable to access Azure tenant

Kazi Ariful Haq 0 Reputation points
2025-07-11T00:02:41.4533333+00:00

I have loose access of 'Global Administrator' Role in my account. Please suggest me how to get it back.

Login email- [******@outlook.com]

tenantId  = 260058db-695e-4c0a-9129-9605357f7bff

I had 3 subscriptions in this tenant named 'Production', 'Dev' and 'Test'.

Accidentally in that account I tried to convert my entra login from external to internal. After that I was not able to see my subscriptions

and my PAAS services that I created before. 

I am getting below error while I try to do anything in that account-

 Error: Request Id: c8952360-1457-4c06-a58b-90774d4d1100 Correlation Id: ce918dca-3c80-451c-a408-1c72b24d9180 Timestamp: 2025-07-09T03:20:08Z Message: AADSTS50020: User account '[******@outlook.com]' from identity provider '[live.com]' does not exist in tenant 'Default Directory' and cannot access the application '04b07795-8ddb-461a-bbee-02f9e1bf7b46'(Microsoft Azure CLI) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. 

I have also attached the error with this email.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pradnya Parab 0 Reputation points
    2025-07-11T07:20:39.15+00:00

    Hello Kazi Ariful Haq,

    You converted your Entra ID user ([outlook.com]) from external to internal, but this likely broke the user object link in Azure AD (now Entra ID). As a result:

    Your original account (******@outlook.com) is no longer recognized as a valid user in the tenant (260058db-695e-4c0a-9129-9605357f7bff).

    You lost visibility of your subscriptions (Prod, Dev, Test).

    Your account is not a Global Administrator anymore, and is now orphaned.

    The error you're seeing:

    AADSTS50020: User account ‘[outlook.com]’ from identity provider ‘live.com’ does not exist in tenant...

    This usually means:

    Your Microsoft Account (MSA) is no longer linked to the tenant.

    Azure considers you an external identity without guest access.

    Step-by-Step Recovery Strategy:

    Option 1: Use Another Global Administrator Account

    Do you have access to any other Global Admin in the tenant?

    If yes:

    Log in as that user.

    Re-invite your @outlook.com user as a Guest to the tenant.

    Promote the account again to Global Administrator.

    Optionally, assign RBAC access to the subscriptions again.

    If no (you were the only admin), go to Option 2.

    Option 2: Microsoft Support – Ownership Recovery

    Since you've lost Global Admin and cannot access subscriptions:

    🔹 Submit a Microsoft Support Request

    Microsoft provides a Tenant Recovery / Global Admin Reinstatement process for exactly this scenario.

    Here’s how to trigger it:

    1. Go to: https://aka.ms/AzureTenantAccess

    Use your Microsoft Account ([outlook.com]) to log in.

    Select:

    "I can’t access my tenant anymore"

      Choose **"I lost access to all Global Administrator accounts"**
  
     Provide:
     
           Your **Tenant ID**: `260058db-695e-4c0a-9129-9605357f7bff`
           
                 **Previous Subscriptions**: 'Production', 'Dev', 'Test'
                 
                       Your Entra ID login and details
                       
                             Exact error message (AADSTS50020)
    1. Microsoft will validate ownership of the domain + billing + services and may reinstate access.You converted your Entra ID user ([outlook.com]) from external to internal, but this likely broke the user object link in Azure AD (now Entra ID). As a result:
      • Your original account (******@outlook.com) is no longer recognized as a valid user in the tenant (260058db-695e-4c0a-9129-9605357f7bff).
      • You lost visibility of your subscriptions (Prod, Dev, Test).
      • Your account is not a Global Administrator anymore, and is now orphaned.
      • The error you're seeing:

        AADSTS50020: User account ‘[outlook.com]’ from identity provider ‘live.com’ does not exist in tenant...

      This usually means:
      • Your Microsoft Account (MSA) is no longer linked to the tenant.
      • Azure considers you an external identity without guest access.
      Step-by-Step Recovery Strategy Option 1: Use Another Global Administrator Account Do you have access to any other Global Admin in the tenant? If yes:
      • Log in as that user.
      • Re-invite your @outlook.com user as a Guest to the tenant.
      • Promote the account again to Global Administrator.
      • Optionally, assign RBAC access to the subscriptions again.
      If no (you were the only admin), go to Option 2. Option 2: Microsoft Support – Ownership Recovery Since you've lost Global Admin and cannot access subscriptions: 🔹 Submit a Microsoft Support Request Microsoft provides a Tenant Recovery / Global Admin Reinstatement process for exactly this scenario. Here’s how to trigger it:
      1. Go to:
        https://aka.ms/AzureTenantAccess
      2. Use your Microsoft Account ([outlook.com]) to log in.
      3. Select:
        • "I can’t access my tenant anymore"
        • Choose "I lost access to all Global Administrator accounts"
        • Provide:
        • Your Tenant ID: 260058db-695e-4c0a-9129-9605357f7bff
        • Previous Subscriptions: 'Production', 'Dev', 'Test'
        • Your Entra ID login and details
        • Exact error message (AADSTS50020)
      4. Microsoft will validate ownership of the domain + billing + services and may reinstate access.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.