Forum Discussion
Can't setup MFA on Azure personal account
I'm unable to use the az cli with a personal account because of MFA requirements.
I have a free trial of Azure which I'm using for some basic testing. I'd like to deploy some Bicep from az cli, when I do I get:
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'subscription GUID'.
The docs say to go to Per-user multifactor authentication and enable MFA.
I did this, but I can't set it up. Trying to login to https://aka.ms/MFASetup gives:
You can't sign in here with a personal account. Use your work or school account instead.
My personal account is the only user on the tenant. There is no other account I can use and I'm prevented from setting up MFA on it.
3 Replies
Hi, personal Microsoft accounts and Entra work/school accounts behave differently with MFA setup, which is why aka.ms/MFASetup may reject a personal account. For Azure CLI, I would try az login --use-device-code first and confirm whether the tenant actually has a work/school account associated with it. If the subscription is tied only to a personal account, some Entra MFA management pages simply will not apply the way the docs describe
- Aqeel-KhadimTin Contributor
LouisT Azure personal accounts (MSA) can't use MFA setup via https://aka.ms/MFASetup, this portal only supports work/school (Azure AD) accounts. To resolve AADSTS50076 for CLI access, you must switch to an Azure AD tenant.
The MFA setup portal (https://aka.ms/MFASetup,) only works for Azure AD accounts, not Microsoft personal accounts (MSA) like @outlook.com, @hotmail.com, etc. Since you're using a personal account with a free trial, you're likely in a Microsoft Account (MSA) tenant, which lacks full Azure AD capabilities.
You can’t enable MFA for a personal Microsoft account (e.g. @outlook.com, hotmail.com) in the same way you do for an Azure AD “work or school” account. The https://aka.ms/MFASetup portal only works for organizational tenants. For personal accounts, MFA is managed through Microsoft Account security settings, not Azure AD. To use az cli with MFA enforced on your free trial tenant, you’ll need to either:
- Create an Azure AD tenant with a work/school account (recommended), or
- Switch to device code authentication in az cli, which bypasses the MFA setup portal and works with personal accounts.