How can we improve Azure Active Directory?

Merge office365 and live accounts that use the same email address

I use both Azure/msdn and office 365
I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

And having both office 365 portal and Azure portal open at the same time is impossible.

976 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Marco shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Admin, Microsoft Azure) responded  · 

    Folks,

    Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

    First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

    Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this takes time. There are details of this in the blog post linked above.

    Third, in the past year we’ve worked with 70+ teams across Microsoft that operate business services but only supported MSA for historical reason. Our goal is for all of these apps to support Azure AD (work accounts) as well. As of Nov 2017, we’re about half way there. Dev Center and MSDN subscriptions (now called Visual Studio subscriptions) are example of apps that now support Azure AD. Microsoft Payment Central and Invoicing are a few weeks away. Volume Licensing and many others are in progress and a couple months away.

    The best recommendations we can provide right now are:
    1) Use your work account (in Azure AD) to access any work application that supports it.
    2) If you had created a personal Microsoft account to access Microsoft business apps, and no longer need it, close the account. Or rename it (which means chancing the user id) to avoid confusion.

    Please follow our team blog for future updates on this problem.

    Ariel Gordon

    220 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Sam DM commented  ·   ·  Flag as inappropriate

        Please permit me a simple question: How do I "discover" which AAD instance has created a work account for me?

        I get the dreaded "It looks like ***@***.com is used with more than one account ..." dialog when signing-in, but we do not have an AAD instance associated with our domain, which means some other domain added my personal account into their AAD system and know I need to figure out how to get me removed.

        IOW ... I cannot follow the "rename personal account" use-case, I just want to leave whatever AAD implementation has hijacked me.

        Thank you.

      • Richard Griffiths commented  ·   ·  Flag as inappropriate

        Right now I have this problem: my work email somehow has personal and a work version.

        We never intended to do this at all. Many resources are setup on the personal account for reasons I do not understand.

        I seriously need to lose the personal one with it's own password and have everything on the work one.

        1) Why is these even possible?
        2) How on earth can I kill this very useless feature and keep the stuff we've paid for on the work account only?

        It's causing a LOT of time cost. Right now I'm writing because I cannot access Azure thanks to this very nasty defect.

        Please give us a mechanism that allows accounts with the same email address to be merged - assuming the user has both passwords/credentials to hand.

        This would definitely fix my problem.

        Thank you.

      • Anonymous commented  ·   ·  Flag as inappropriate

        When my accounts synct together. I had emails today from 2014. . I just want my dead husbands pics. Out of the f..m cloud.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Here is the deal! I have same 2accounts for about 12 yrs or better. I have gmail and outlook. They said don't. Worry the would sync togethey, I think they meant sink.

      • WW commented  ·   ·  Flag as inappropriate

        Back again to say your "solution" is absolutely ridiculous. My password just stopped working while trying to log into Windows and MS Support CHANGED THE EMAIL ADDRESS TO MY MICROSOFT ACCOUNT. They assigned my backup email for my Microsoft Account as my sign in credential because it somehow conflicted with my Office 365 ID. I am having a hard time believing this is going on 5 years later. It is quite silly to honest.

      • Chris commented  ·   ·  Flag as inappropriate

        Your recommendation is to rename the account, yet doing this takes 30-days-per-change (It literally took me 3 months to change an email address, security reset-method, and name)! It is unacceptable that we are treated like criminals throughout this whole process, when it was your screwup in the first place. Give us our Skype credits, Give us our Microsoft Office licenses, Give us our MSDN access!

        At the very least use intelligence that if a passport account has the EXACT email address of one of your client O365 tenants, you can safely assume that it is one that you have tangled up in your garbage personal passports which YOU forced us onto 1-8 years ago... and give them a bit of a break when us SysAdmins try to take back control of them. These lockdowns work exactly against your own tip!!

      • Marc D Anderson commented  ·   ·  Flag as inappropriate

        I'm surprised you'd post a link to a blog post from September, 2016 and say "we’ve been working on this problem and have announced changes on our official team blog" about it. Is there no new news since then? You note some info in your second "STARTED" post above, but people are truly struggling with this stuff at every client I have and organization I know of. External sharing is an embarrassing process - not the beautiful experience demoed at places like Ignite. I'd love to be able to point people to a regular set of updates from you guys showing how you're moving the ball down the field.

      • Richard Griffiths commented  ·   ·  Flag as inappropriate

        Anyway to forbid the creation of a personal account if a work account of the same email already exists in your infrastructure?

        And if a personal account exists, creation of a work one triggers an optional process of migration from the personal one. If the user says No to this, don't create the new work one?

        I'm going to try deleting the personal one and force any resources that use it to accept the work one - as they're both the same email - such a bad idea that was :).

      • Neil G. commented  ·   ·  Flag as inappropriate

        typo "- and it does solve the UX, but so far Azure B2B invitations still generate the error".

        Sorry about the two typo's.

      • Neil G. commented  ·   ·  Flag as inappropriate

        Ariel,

        Thank you so much for posting an update.

        I'm not sure if you know but this issue is not just cosmetic/UX.

        Azure AD B2B invitations will not work, and often times SharePoint online external sharing requests to an email address don't work. Oh - and Exchange online Message encryption sometimes has issues too.

        I have just finished suggestion #2 - and it does solve the UX, so far Azure B2B initiations still generate the error
        "Error Message: Multiple users contain this email address"

        Azure B2B specifically addressed in my feedback:
        https://feedback.azure.com/forums/34192--general-feedback/suggestions/15179097-azure-b2b-fails-for-end-user-on-invite-when-liveid

        And also posted in tech community here:
        https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/Help-AzureAD-B2B-Error-Message-Multiple-users-contain-this-email/m-p/132377#M343

        Many old services and most new Azure and O365 services expect there to be only one "username" even when they search both AzureAD and LiveID directories. :(

        Thanks again for updating us!

        -N

      • Ron Pitts commented  ·   ·  Flag as inappropriate

        Hi Ariel,

        Thanks for the update.

        Fully understand the various systems in place so some good work done so far.

        We got stuck the other week when one of our developers used the work account when completing a MS Partner individual account and ended up not receiving the MSDN benefit since previously this only worked with personal accounts (we ended up recreating the account again but as a personal account).

        It would be good to have a status page somewhere which indicates what type of accounts are possible (Work or Personal or both), e.g. MSDN = Personal, VisualStudio.com = Both, etc.

        The other issue is that when a problem arises its very hard to get the correct help from within Microsoft given the size and various teams this problem touches.

        Kind Regards,
        Ron

      • Anonymous commented  ·   ·  Flag as inappropriate

        Oh come on, Microsoft. This is a really really REALLY annoying "feature". Some, myself included, might call it a DEFECT. I only found this thread because one of our admins was trying to come up with a solution for the DEFECT. Unfortunately said admin came back empty-handed.

        When I originally signed up with my corporate email address in order to use the corporate MSDN subscription and stuff like that, all worked fine. However, suddenly when the company signed up for Office 365 my original _work_ account became a "private" account in the eyes of Microsoft. And what's worse, no option to merge them. Not even for IT department, it seems.

        How could this possibly happen? It's a corporate email address! There's no ambiguity about it whatsoever. There wasn't and isn't any intent on my side to mix private and work matters. I have a private MSDN subscription as well, yes, but that's registered on my _actual_ private email address. If it's the same email address offer at the very least the option to merge these accounts if you already go by the far fetched assumption that they ought to be private vs. work.

        And when you think that the mess couldn't get any worse, sysdev.microsoft.com, a site _dedicated_ to corporate partners, you can't even log on with a known email address which is already bound to Office 365. Oh really? So for work matters on a website dedicated to work matters I _have_ to give a private email address (or in other words, an email address unknown to O365). What the heck?

      • Jim commented  ·   ·  Flag as inappropriate

        I just signed up for Exchange Online using my existing live.com account email address and now I can't use that email address for an Exchange account on my Surface Pro 4. I ended up having to use IMAP to access my new Exchange email service.

        Also if I log into live.com with my account the site crashes as it tries to bring up the Outlook.com email site. A fine mess.

      ← Previous 1 3 4 5 10 11

      Feedback and Knowledge Base