Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Cleaning up the #AzureAD and Microsoft account overlap
Published Sep 07 2018 08:22 AM 165K Views
First published on CloudBlogs on Sep, 15 2016
Howdy folks, We receive pretty regular feedback about how the split between our cloud identity systems — work/school accounts in Azure Active Directory and personally owned Microsoft accounts (formerly known as "Live ID" accounts) - can make for some pretty confusing user experiences. In particular, we know many of you have pretty strong feelings about this one particular screen:

Some of the recurring feedback we're hearing:
  1. Developers want to know how to build apps that support both account types.
  2. IT Pro want to know if it's ok to ask employees to create Microsoft accounts using their work email addresses or to bulk provision accounts for them.
  3. Users and employees want to know why they have two accounts with the same email address?
All of these issues are the result of Microsoft having two giant cloud scale identity systems built by different parts of the company. Luckily we've combined those teams and together we are hard at work address these issues. Releasing our new combined Microsoft Authenticator apps for iOS and Android back in August was the first major deliverable from those efforts. This post shares the details of the next set of work we've done to address this confusion. It's written by Ariel Gordon, the PM in my team who's driving the work to converge sign-in/sign-up experiences between our two identity systems. As always, we would love to receive any feedback or suggestions you have! Best regards, Alex Simons (Twitter: @Alex_A_Simons ) Director of Program Management Microsoft Identity Division ----------- Hi everyone, If you follow this blog you know we're doing a lot of work behind the scenes to build a converged identity service that will bring together Azure AD and Microsoft account. It's a complex area and lots of work remains to be done. Today I'd like to tell you about some of the steps we've taken this week to address the overlap between our consumer and enterprise identity systems.

What do we mean by overlap?

Many users have two or more accounts with Microsoft. A personally-owned Microsoft account (formerly known as Live ID) used to access Skype, Office or OneDrive; and an organizational account (in Azure AD) used to access business services such as Office 365 or Power BI. We know from our telemetry data that just over 4M people have a personal Microsoft account with a work/school email address as a username. Why? Our research shows four main drivers:
  1. Some users prefer to use their work email to sign up for everything, out of convenience. This could be Microsoft apps or services, Amazon, eBay, etc.
  2. A handful of Microsoft business services, like MSDN, don't support Azure AD yet and require the use of personal Microsoft accounts
  3. IT departments are asking employees to create personal Microsoft accounts with their work email addresses, or in some rare cases bulk-create these accounts for the employees.
  4. Some students were given a personal Microsoft account when their school switched from the old live@edu program to Office 365.
And when these users' organization has an Azure AD tenant, they may have two Microsoft identities with the same email address.

Why this is bad

Whatever the cause, having a personal Microsoft account with a work address as a username is fraught with issues for end-users and IT departments alike. For example:
  • Users might think that their personal Microsoft account is business-compliant and that they're in compliance when they save business document to their OneDrive
  • Users who leave an organization generally lose access to their work email address. When they do, they may not be able to back into their personal Microsoft account if they forget their password. The flip side is that their IT department could reset their password and get into the personal account of former employees.
  • IT departments have a false sense of account ownership and security. But users only need to roundtrip a code to their work email address once, and can rename their account at any time in the future.
The situation is particularly confusing for users who have two accounts with the same email address (one in Azure AD & one Microsoft account). For example, they are often confronted with this message:

Based on these learnings we've decided to make an important change to how Microsoft account are created.

Blocking Microsoft account sign-up with work email address

Starting today, we're blocking the ability to create a new personal Microsoft account using a work/school email address, when the email domain is configured in Azure AD. What does this mean? If your organization uses Office 365 or other business services from Microsoft that rely on Azure AD, and if you've added a domain name to your Azure AD tenant, users will no longer be able to create a new personal Microsoft account using an email address in your domain. This sign-up block has been running in limited Preview for a hand full of organizations and is now active for all domains names that are configured (DNS-verified) in Azure AD. No action is necessary to enable the block.

What does experience look like?

If you try to sign up for a Microsoft consumer app with a work or school email address, you'll see the message below.

However, if you try to sign up for a Microsoft app that supports personal and work/school accounts , you should see the message below:

To reiterate, this logic will only trigger for an email address in a domain that's registered in an Azure AD tenant. If you don't get one of the error messages above, it means that the app you're signing up for or the domain name of your email are part of an exception list.

Short term exceptions

Unfortunately, there's still a small number of Microsoft business services that don't support Azure AD. The good news is that we're making good progress. For example, Windows Dev Center finished their integration last winter and now supports both personal Microsoft accounts and Azure AD accounts. We're working with other teams such as MSDN and Brand Central to help them add support for Azure AD. Based on feedback we received during the preview, we will not block the ability to use a work email address to sign up for these business services. This is a short-term compromise that's consistent with our main goal of preventing accidental use of work/school email address to sign up for personal Microsoft account.

What about existing accounts?

The sign-up block described here only prevents the creation of new accounts. It has no impact on users who already have a Microsoft account with a work email address. If you are already in this situation, we've made making it easier to rename a personal Microsoft account. This support article provides simple step-by-step guidance. Renaming your personal Microsoft account means changing the username, and does not impact your work email or how you sign in to business services such as Office 365. It also doesn't impact your personal stuff—it just changes the way you sign in to it. You can use another (personal) email address, get a new @outlook.com email address from Microsoft, or use your phone number as a new username. Note: if your IT department asked you to create a personal Microsoft account with your work/school email, for example to access Microsoft business services like Premier Support, then talk to your admin team before renaming your account.

Conclusion and recommendations

These changes are part of bigger investments we're making to converge our identity systems. We'll share more details later this year. If you're an IT pro , do not bulk create personal Microsoft accounts for your employees. We've helped many customers through hard usability and security problems because they had done this. If you're configuring Windows devices for your employees, you should take advantage of the self-service set up and automatic MDM enrollment we've built into Windows 10 using Azure AD. If you're an IT pro , don't ask your employees to create personal Microsoft accounts with their work email address. It creates confusion about who owns the associated content and resources. We understand that there are still a few Microsoft services that require creating personal accounts with a work email address, and as mentioned above we're working hard to address this and have short-term exceptions in place. If you're an end user who has created a personal Microsoft account using your work email at of convenience, please consider renaming your account . If you're an app developer , you should probably support both personal and work accounts from Microsoft. Check out this post to learn more about the work we're going to converge our identity stack s. As always, keep the feedback coming and let us know about other issues and scenarios you'd like us to address. Thanks Ariel Gordon (Twitter: @askariel ) Principal Program Manager Microsoft Identity Division
35 Comments
Copper Contributor

It is mentioned that using a work email address to sign up for services like MSDN will not be blocked.

So how do you go about signing up for these then? Because everytime we try the message is given that you can't use a work email address to sign up.

Copper Contributor

I second the post above. I understand what Microsoft is trying to do here, but I don't think that all systems are ready for it yet. I just had a tech come to me and said the he couldn't create a Microsoft Account for a client that we sell Office Perpetual license to that you have to register with a Microsoft Account. The site won't let you use a Work Account and it won't let us setup a Microsoft Account for them. So... what do we have to do... Go and create an Outlook.com account and forward the emails.

 

This is not acceptable in my book. 

Copper Contributor

I have several customers who's employees have somehow setup a microsoft personal account with their work email address.  It's causing all kinds of problems with MS apps like outlook and onedrive etc.  I'm trying to figure out how this is happening, because none of them have any idea how or recollection of doing so. .  I know that a new Windows 10 machine will try to push you into a microsoft account, however for all these employees I look at their MS account and see no devices attached to it.  Any ideas? 

Steel Contributor

It wouls be great to be able to get a report to see which users in your Office 365 tenant actually have a personal account with their work email. They probably experience all kinds of confusion so would be great to get this report so we can reach out to them and help them with their situation.

Copper Contributor

OK, this story about live.com and AD side being separate doesn't seem to be entirely accurate anymore? I just changed my identity on account.live.com (the "personal" side?) to a secondary mail address. Unfortunately, this ALSO changed my primary identity on account.azure.com. If this is (now?) the same identity behind the scenes -- why not show them as one customer identity (billing????) on the front side?? Wow, this is my third attempt at onboarding my SMB on Microsoft but I will give up in disgust again. PLEASE fix your identity management mess. 

If the user has already accepted the invitation and is unable to login to PartnerCenter, the account may be linked to a personal account:

 

To resolve the issue, the user will need to rename the personal account (if there are no concerns). There is also a need to clean the up the accounts in the backend. The user will need to be removed from Partner Center and the Azure portal and re-invited to the engagements.

 

See below for the steps shared with user x@y.com:

 

              1) Admin user to login to PC account->Users

                                           a. https://partner.microsoft.com/en-us/dashboard/account/usermanagement

              2) Remove user (x@y.com) by clicking on the remove link

              3) Invite user to PartnerCenter

                                           a. Admin user to login to PC account->Users->Add new user

                                           b. Select invite users and enter x@y.com

                                           c. Grant additional permissions(Collaborate->Manager)

                                           d. Submit

              4) If they see the error “User already exists”

                                           a. Global admin user to login to http://portal.azure.com->AAD->Users

                                           b. Remove user (x@y.com) from the AAD tenant

                                           c. The Global admin needs to delete this user completely.

                                           d. Invite user from Partner Center (go to step #3).

 

When the user accepts the invitation sent to x@y.com. The user will be added to PartnerCenter and also will be added to the AAD tenant (z.onmicrosoft.com).

 

Note, the above instructions will need to be updated for specific users.

Copper Contributor

I would love to understand how you use NLA with AAD if the local machine is not domain joined.  It seems like in the Microsoft account case, it is easy out of the box - ie, if the remote machine has NLA turned on, is not AAD domain joined and has the Microsoft account added to it and that account is in either administrator or remote desktop users group, then it can accept a connection from that account from a local computer where the user enters those credentials to connect.

 

In AAD, this use case is soul crushing - at least for me.  Here is my example:  

I have added Guest user from don.quixote@windmill.com (which is an AAD tenant)  to the AAD tenant holygrail.com   

I have made don.quixote@windmill.com a global admin on holygrail.com

 

So, on the one hand, Windows 10 tells you how unsecure turning of NLA is - but if I turn it on, then unless the local machine is also domain joined, I am unable to connected to a remote machine that is AAD joined from a local machine that is not with NLA on - but would greatly appreciate any help with the specific procedural documentation as to how the local and remote machines need to be configured to enable this use case. 

 

Thanks.

Can AAD tenant holygrail.com  guest user don.quixote@windmill.com log into a Windows 10 machine which is joined to holygrail.com as guest user don.quixote@windmill.com  ?

 

because this use case does not work for me so would appreciate either no this doesn't work in Windows 10 and despite the terabytes of documentation on Azure B2B, it isnt referring to this core feature that is soul crushing me or ….Yes and here is the procedure other than what I have done above.... much appreciated.

 

I understand that it is possible that the functionality you see with Microsoft accounts and Windows 10 is more complicated when trying to accomplish that with AAD - not sure, because there is almost ZERO documentation out there that hints at this issue - but for example, when you add a Microsoft account to a machine - it shows up everywhere a local account does in terms of being a "user" you can add to groups, etc.  but an AAD account doesn't work that way - you need to add it to groups via command line and again, only when the machine is domain joined and you can only add "users" of the AAD tenant, not guest users of an AAD tenant to an AAD domain joined machine - at least that is my experience.

Microsoft

 

 

 

Copper Contributor

You've made a huge mistake by assuming that someone that pays for Office 365 email is using it only for work. Some of us use it for personal email.

 

I've used my personal email address for Microsoft account for many, many years, and a couple years ago I also subscribed to O365 for email.  Logging in has been weird, but not because I had to choose an account type, but because the MSFT account insists on showing an outlook.com address for everything, which I wish I didn't have in the first place.  I was trying to set my real email address as the primary address for MSFT account, but wasn't a choice.  I decided to try removing and re-adding it, but now I cannot do that because the address is associated with my O365 subscription.

 

I really regret removing my personal, real email address from my MSFT account because I will not be checking the outlook.com email account and now I will miss any important emails.

 

Frankly this was the worst way to try to fix an existing problem, especially when some of us never considered it to be a problem in the first place.

 

Update: To further complicate things, I can't add *any* email address at the domain I use for my personal email.  I know it will make me sound like one of those crazy guys that rants at the internet, but this is stupid.  Incredibly frustrated.

Copper Contributor

Just for the records, this is really giving some issues for those of us running with our own domain on both the microsoft account and in Azure AD.

Copper Contributor

How am I suppose to buy things from the Microsoft store app store or other wise or use phone sync or browser sync? It seems like the are a lot of core services that get blocked out from the users that are paying the most money to Microsoft. I don't understand why this is so hard to link two accounts and block the use of email and OneDrive on the Microsoft account. 

Copper Contributor

Thank you very much exactly what I'm investigating and your Article speak out of my soul :) 

Copper Contributor

So for what I understand: if a domain is ever used to been registered to a Microsoft service none other domain users can use that domain to register an new Microsoft account.

So if you ISP registered: yourisp.com at a Microsoft service.

And that ISP hands out e-mail addresses like costumor1@yourisp.com and costumor2@yourisp.com

Those costumers can't use their e-mail addresses for registration for a Microsoft account because of that.

 

That's just f*cked up.

So in the Netherlands we have ISP's like ziggo.nl and xs4all.nl I tried to create a Microsoft account with the handed out e-mail address bij that ISP and it would let me. So I needed to create an account with outlook.com or hotmail.com.

For older people this is very confusing. Sick.

Copper Contributor

I call this being "Microshafted". Been using MS products professionally since 1993 and they have ALWAYS been like this.

... You should have seen the hoops I had to jump through to post this comment :)

Copper Contributor

I was actually able to make a "Microsoft Account" with my 365 account a few months back. I don't know if I just got lucky that day but hopefully Microsoft has come to their senses.  

Copper Contributor

I apologize if this question was asked earlier. There are too many comments to follow at this point.

Can you or will you be able to combine you person and work Microsoft accounts together into one account?

I only want to use the work account and created a personal account on my work account on accident. I would delete the personal account but it has windows 10 licenses that I purchased as well as other info i would need migrated to my work account.

 

Thanks

Copper Contributor

@KRKHiram 

 

You can log onto you private account and simply give it a new e-mail address, and after you have done that, you can make it the primary, and remove your workaccount.

 

That way you can still have an account for you licenses and will not be "bound" to the same address as your work account.

 

https://support.microsoft.com/en-us/help/12407/microsoft-account-change-email-phone-number
scroll down and expand the "I want to use a different email address or phone number to sign in"  section, there it will guide you to how :) 

 

Copper Contributor

I get this message every time I used my laptop: Activate Window go to setting but I can not activate it 

Copper Contributor

This decision is now forcing me to get rid of Office 365 Online for Business. 

I have... for some time been running my own mail servers for my own and friends domains, all of us are semi-professional, in that... our domains are intended to define US online and not a business, so the inability to use "personal" services on a business account has now come to a head as things like Windows 10 require personal account registration. Family members now want to play games on Xbox for example. I'm sure there was a reason for this decision, but ultimately when i complain about these issues on User Voice which is where i always get sent they don't get the kind of attention they need to be resolved. Which is a shame because i otherwise love the exchange online product for its general simplicity at low level and power to do much greater things. All of which become pointless if this is the only mail server out there, that actively locks my ability to choose which services i can sign up for with my personal email address because you think I'm a business. you've locked yourself out of an entire use case which i cant imagine will do anything but grow over the years.

 

Copper Contributor

I have to join the others complaining here. I have a private domain with several accounts here at microsoft.

All but one account have a private account. Now I can't add a private account to for that person.

 

I will NEVER, EVER EVER use Outlook.com. Yuck! You could just as well have a free gmail account.

 

What is the easiest / best solution?  Migrate away from exchange online!

If microsoft thinks they should be able force people to a specific method of doing things, they don't deserve our business.

Copper Contributor

So how should one go about setting up a personal email address in their paid Outlook.com account? The instructions are to buy a domain from GoDaddy.com. GoDaddy.com insists that you buy an email address from them, which in turn opens up another Office 365 account. Now I cannot link my GoDaddy email address with my outlook.com email account (either as a personal address or IMAP), and the MS support folks I've spoken with so far along with the GoDaddy support folks can't seem to find the solution.

 

I feel like this personal email address paid service should come with instructions, or it shouldn't be advertised if it just plain doesn't work.

 

And if anyone has a link to a solution, please let me know. Thanks!

Copper Contributor

Wow Microsoft! You just turned a complete and utter clusterf**ked situation with multiple directories and limitations for which Microsoft applications MUST use specific directories into an even worse situation by locking out your customers. It's not YOUR problem to deal with if users use a work email address. It's theirs or their company's problem. You didn't need to do this lockout. You just screwed all of your customers over (again). Good job!

Copper Contributor

Well, this thread highlights the issue that I have been having the last few months with my TEAMS account free which I set up using my work email account!  

 

When covid19 started, I set up a trial account of TEAMS free using the outlook.com email address that i use for personal emails, and sent invitations to all of my work colleagues work email addresses asking them to register for personal microsoft.com accounts in order to gain access.  I sent one to my work email address too, and set up a personal microsoft.com account.

 

It all worked pretty well until a few months ago when I was no longer able to log in to the TEAMS free account using my work email address.  I assume that this may be because I had been subscribing to various Office 365 plans under my work tenant which was connected to my work email address.  Or maybe because I have a ONEDRIVE FOR BUSINESS account tied to my work email address, which I guess would have connected my work email address to Azure AD, in addition to Microsoft Account.

 

I have been planning to migrate my SMB office (50 persons) to Office 365 and the paid TEAMS account, and was hoping that our employees would be able to log in to both the TEAMS fee account, and the TEAMS paid account at the same time by selecting WORK OR SCHOOL account or PERSONAL account at log in, and then copy and paste any existing files or wikis or whatever between them, but am afraid this would not be possible.  

 

What to do!

Copper Contributor

Hi,

 

I have been using Microsoft Office 365 for years now!

 

Please someone guide me how to create a new microsoft personal account with my work email address?

 

Will be grateful to someone who comes on board and helps me

 

Many Thanks,

Mayur

 

Copper Contributor

I have this issue: I've had a personal MS account for a while -Skype actually, but turned into MS. It's tied to my personal email (Gmail).

I just created an Azure account, and somehow it's considered to be part of my former employer's Azure account. It's quite a mess. The only reason why that can be, is that for convenience, I must have joined a Teams meeting for my employer, while being logged-in with my own account (because I only had my personal account, and didn't bother to create a professional one for this sole use, for a one-shot meeting).

Now, how do I get out of this cluster**bleep**? Having my Azure stuff mixed up with my former job's really makes my first steps into Azure an unpleasant experience. Any hints as to how to solve that would be much appreciated!

Copper Contributor

This is the wrong solution to the right problem:

  • The intended effect is to hide the issue, which is never a good approach.
  • It doesn't even completely hide the issue: if you create an AAD tenant for a domain people already have their personal account on, they will still get duplicate addresses.
  • Now many people are locked out (see other comments).
Copper Contributor

My domain on m365 is a vanity domain, it is not a business, and never will be. I'm its only user and that's highly unlikely to change. I have one mailbox configured, and it's set up as a catch-all for the domain.

Every service I sign up for I do with service-name@domain - but I couldn't do this with Microsoft. I didn't even want to use the same value before the @ as is the name of my domain's one user, but the whole domain was blacklisted. The current solution is far too heavy-handed. 

I ended up logging a Microsoft case, and asked the following:

  1. If I had changed my Microsoft account address to microsoft@domain before adding the domain to m365, would it have worked as I want it to?
    • Answer: Yes
  2. If the answer to my previous question is yes - how long after deleting my m365 tenant would I have to wait before I could set the address on my Microsoft account, then bring my domain back on to m365? Because as incredibly dumb a solution as that sounds, I am genuinely considering that course of action.
    • Answer: You can just delete the domain from the tenant - you don't have to delete the whole tenant. Also the answer depends on how many users, how many groups, and various other factors tied to the number of references to the domain.

In my case I had another mail provider (Google) that I was able to point the domain at for a short time, so that was easy. It took me only a few hours to redirect my mail to Google, remove the domain from m365, change my personal Microsoft account address, add the domain back to m365, and direct my mail back to m365 (though I think I was somewhat of a best-case scenario for those timeframes).

  • I was not alerted that an address on my domain was already in use for a personal Microsoft account when re-adding the domain
  • I have not been prompted to change the address on my personal Microsoft account
  • Because the usernames do not clash (microsoft@domain and user@domain) I do not get the "which account do you want to use?" prompt.

Basically this now works exactly the way I wanted it to... it just should not have been nearly this complicated to reach this point.

Copper Contributor

It has been 6 years since the original publication of this article and this is still an issue. I cannot sign in to a new Windows 11 Home laptop with any email address that is hosted on O365.

 

Some staff members use their O365 email address for everything, they're unable to sign in to their own new personal laptops as Win 11 Home requires a Microsoft account, but they can't sign up for a Microsoft account because Microsoft can't get their act together after over half a decade.

 

It's really embarassing.

Steel Contributor

@eug_k to be honest, I don't even think this is on their roadmap. Their thought with Windows 10 Home is for Home (Personal) usage, not work. I suggest you look into providing your work users with a Microsoft 365 license that also adds a version of Windows 10 that enables them to sign into the device with their Work account if that is a requirement you have.

Copper Contributor

@Jonas Back Thanks for the reply! They're not using the Windows 10 Home device for work, they want to use the laptop at home for personal home use. They use one email address for everything, and it's hosted on O365.

 

As a result they cannot use a Windows 11 Home computer. 

Absolutely no domain or cloud features whatsoever are needed. A local account like what was possible on Windows 10 and every previous version before that is all that is needed. 

 

Right now as a workaround I have to create a dummy MS account just to get past that requirement, then add a local account. It's an added hassle with Win 11 that's just not needed. 

 

I suggest you look into providing your work users with a Microsoft 365 license that also adds a version of Windows 10 that enables them to sign into the device with their Work account if that is a requirement you have.

Is there a 365 licence that allows an O365 email address to sign in to a Windows 10/11 Home device? Or do I have to buy a Windows 10/11 Pro licence just so I can login to a laptop that has no need for any Pro features whatsoever?

 

The original behaviour where the user is asked if an email address is work/personal is a terrible user experience, but at least that would allow a user to use the same email address to login to a Windows 11 Home device. 

Copper Contributor

omfg how can this not be solved. I decided to dive into 365 on all levels, I have set up Teams and Sharepoint Sites for my small business and I am certain my old hotmail account - which I used when I first set up this laptop -- before I set up the Microsoft business account -- is now the culprit for one huge hot mess.  Neither I nor my IT guy can sort it.  Microsoft owes me so many hours of my time and dollars spent with consultants trying to figure it out.

 

I feel "Microshafted" indeed. 

 

Is there even a solution yet?  

 

Jane

Copper Contributor

there is no solution to this, they outright don't care. 


Unless your specific problem is that you want move entirely to business for your domain, in which case they can..i believe disable the consumer microsoft account that exists on that email to fix your issue.

 

Want to have a custom domain on exchange? yeah.. you'll need an outlook.com email address completely separate to register your windows license to, you cant use if for Xbox or anything else considered "for public"... got a problem with this!? sure they'll bounce you round 12 departments who all claim you need to talk to a different one... support is fundamentally broken. After a year of trying to explain the issue and being told to go to user voice, I emailed Sayta Nadella, whoever moderates that email account forwarded me to a complaints exec... who .. essentially told me not to use their business service... so i moved off the platform that day.

 

Learnt the hard way to stay away from microsoft products... they used to be decent, it used to be that only in development circles you would find difficulties because it was always "follow the shiny thing". I don't know what went wrong, but now support is the same, they dont give you options, they decide the microsoft way to do it, and if you happen to have a common case that doesnt quite fit in their narrow solution you have to just find a workaround. dissapointing to say the least. fortunately they have nothing there isnt an alternative for now that Steam Deck exists.

 

an extermely bitter former user.

Copper Contributor

The whole Teams thing is confusing and frustrating. can't get into it using my own email because 'I don't have permission" need to talk to the IT guy. (me btw) etc. Then there's the personal vs work. Just try to remove your email address from an organization. Good luck.

Copper Contributor

Hello Everyone. My organization also has issues with inviting guest users now. Seems it is related to this article. We are inviting some guest users with different domain to our tenant but when they receive the invitation they always getting the error-"This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin."

What could be the solution in this scenario as all the external collaboration settings from Microsoft Entra ID is correct and all domains are allowed.

Please let me know solution for it as slowly slowly this count is increasing.

Copper Contributor

I remember i had some issues with this in the past, but it seemed to be resolved. Now recently i try to get into Azure DevOps and use ms learn. It seems some  services associated with it like the devops demo generator. e.g. still point me to a "microsoft Account" Directory, which it should't  as i use only my azure home directory for everything within Azure. This messes up some configuration steps in azuredevops, like mentioned azure demo generator or even pipeline creation when connection to github. this is a major pain in the **bleep** and only workaround so far is signing out and in on all azure services and hoping it associates to the right directory.

maybe someone has a better solution.

Version history
Last update:
‎Jul 24 2020 02:03 AM
Updated by: