Azure Portal access for identical Microsoft and Organisational Accounts after federation.

People are making the right choice in federating their Office 365-created Azure Active Directory with their Azure subscriptions, thus allowing their users to log in to Office 365, Azure and other Microsoft services using the same set of credentials. This also provides a centralised place to manage all user accounts.

In some cases, however, organisations have previously mandated that staff create Microsoft Accounts (formerly Live ID) that match their corporate email addresses so they can easily identify those users in their Azure subscription or other services such as Visual Studio Online.

As I previously blogged on PAL licenses and Office 365, you will start to have login challenges once you start exposing your Azure AD and (typically) using ADFS, because the Microsoft Account login service stops being authoritative and users will be automatically redirected to your ADFS login page based on the email address they enter.

The following workaround is suggested if you need to unblock someone in this scenario:

  1. Make sure the user is logged out of all accounts (Office 365 and Microsoft).
  2. They then navigate to https://manage.windowsazure.com/
  3. When prompted, put in a valid Microsoft Account login (say, jsmith7787@live.com). This redirects the user to the Microsoft Account login page.
  4. Enter the Microsoft Account actually required (i.e. johnsmith@example.com) and password, and log in.

This scenario doesn't currently apply on the Office 365 login page because you can choose to swap the login type you are using by clicking on the "Sign in with a Microsoft account" link.

You should be looking at migrating away from Microsoft Accounts that use organisational email addresses and instead start investing in converting users to Azure AD. This will certainly be the case with the current changes happening with Visual Studio Online.