Tenanted Passthrough Is Going to be Disabled for Azure PowerShell #26885

Open
@msJinLei

Announcement

To enhance security, Azure PowerShell is going to block users from other organizations or personal Microsoft accounts (consumers) from signing in with Azure PowerShell to tenants where they aren't invited as guests.

Note

This change affects all Azure PowerShell versions.

If you attempt to sign in to a tenant where you aren't invited as a guest, you see the following error message in your web browser:

Selected user account does not exist in tenant '$YourTenantName' and cannot access the application '00000000-0000-0000-0000-000000000000(Microsoft Azure PowerShell)' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.

To sign in to a tenant, ensure the user is either:

  • A member of the tenant
  • A guest invited to the tenant

Check whether you are a member of a tenant

If your username is [email protected] and the tenant ID is $tenantId, run the following commands:

Connect-AzAccount -AccountId [email protected]
Get-AzTenant

When you retrieve the list of tenants, determine if $tenantId is included. If not, or if the list is empty, contact the tenant administrator to request an invitation.

Invite a guest member

As a tenant member, you can invite a guest member. The guest user receives an email invitation to join the tenant. Once the invitation is accepted, they're added as a guest user and gain access to the tenant's resources.

Please leave a comment if your use case is blocked by the changes and we will provide the proposal to unblock it.
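
The membership check described above can be scripted as a pre-flight step for automation that signs in to several tenants. This is an added example, not part of the original issue or the Azure PowerShell project; the function name `Test-AzTenantAccess` and the placeholder account and tenant values are hypothetical, and it assumes the Az.Accounts module is installed.

```powershell
# Added example: reports which of the expected tenants the signed-in account
# can see through Get-AzTenant, i.e. where it is a member or an invited guest.
function Test-AzTenantAccess {
    [CmdletBinding()]
    param(
        # Account to sign in with (supplied by the caller).
        [Parameter(Mandatory)] [string]   $AccountId,
        # Tenant IDs (GUIDs) the account is expected to reach.
        [Parameter(Mandatory)] [string[]] $TenantId
    )

    # Sign in without -Tenant, as in the commands shown in the announcement.
    Connect-AzAccount -AccountId $AccountId -ErrorAction Stop | Out-Null

    # Collect the IDs of every tenant returned for this account.
    # @() keeps the result an array even when the list is empty.
    $visible = @(Get-AzTenant -ErrorAction Stop | ForEach-Object { $_.Id })

    foreach ($id in $TenantId) {
        $found = $visible -contains $id   # string comparison is case-insensitive
        [pscustomobject]@{
            TenantId   = $id
            Accessible = $found
            Action     = if ($found) { 'None' }
                         else { 'Contact the tenant administrator to request an invitation' }
        }
    }
}

# Placeholder values: replace with your own account and tenant IDs.
$accountId = '<your-account>'
$tenantIds = @('<tenant-id-1>', '<tenant-id-2>')

Test-AzTenantAccess -AccountId $accountId -TenantId $tenantIds |
    Format-Table -AutoSize
```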
