How can we improve Azure Active Directory?

Merge office365 and live accounts that use the same email address

I use both Azure/msdn and office 365
I already had an msdn account mvdl@our-company.com ( Windows Live account) and our company recently migrated to Office 365 which resulted in a mvdl@our-company.com Office365 account.

Wich is causing a lot of grieve when switching between asure web portal / msdn web portal / office 365 web portal

Even when I have no portals open, I cant switch accounts. I need to explicity open the portal that I last logged in to. Log out, and then I can switch accounts.

And having both office 365 portal and Azure portal open at the same time is impossible.

928 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Marco shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Admin, Microsoft Azure) responded  · 

    Folks,

    Thanks for the questions and suggestions. And apologies for not sharing any update on this thread for so long. We’ve been working on this problem and have announced changes on our official team blog (see here: https://cloudblogs.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/).

    First, we are acutely aware of the UX pain this is causing and we are sorry for this. We are trying to undo a decade and a half of systems divergence. There are literally hundreds of different engineering teams across Microsoft involved in this effort. So this is taking time.

    Second, we can’t easily “merge” two accounts, or allow IT to “take over” personal Microsoft accounts. There are two main hurdles: (1) The terms of service are fundamentally different for the two account types and (2) they are based on different technologies with different stacks (different identifiers, SDKs, token formats, etc.). We’re working to converge the two stacks but again this takes time. There are details of this in the blog post linked above.

    Third, in the past year we’ve worked with 70+ teams across Microsoft that operate business services but only supported MSA for historical reason. Our goal is for all of these apps to support Azure AD (work accounts) as well. As of Nov 2017, we’re about half way there. Dev Center and MSDN subscriptions (now called Visual Studio subscriptions) are example of apps that now support Azure AD. Microsoft Payment Central and Invoicing are a few weeks away. Volume Licensing and many others are in progress and a couple months away.

    The best recommendations we can provide right now are:
    1) Use your work account (in Azure AD) to access any work application that supports it.
    2) If you had created a personal Microsoft account to access Microsoft business apps, and no longer need it, close the account. Or rename it (which means chancing the user id) to avoid confusion.

    Please follow our team blog for future updates on this problem.

    Ariel Gordon

    213 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Chris commented  ·   ·  Flag as inappropriate

        Your recommendation is to rename the account, yet doing this takes 30-days-per-change (It literally took me 3 months to change an email address, security reset-method, and name)! It is unacceptable that we are treated like criminals throughout this whole process, when it was your screwup in the first place. Give us our Skype credits, Give us our Microsoft Office licenses, Give us our MSDN access!

        At the very least use intelligence that if a passport account has the EXACT email address of one of your client O365 tenants, you can safely assume that it is one that you have tangled up in your garbage personal passports which YOU forced us onto 1-8 years ago... and give them a bit of a break when us SysAdmins try to take back control of them. These lockdowns work exactly against your own tip!!

      • Marc D Anderson commented  ·   ·  Flag as inappropriate

        I'm surprised you'd post a link to a blog post from September, 2016 and say "we’ve been working on this problem and have announced changes on our official team blog" about it. Is there no new news since then? You note some info in your second "STARTED" post above, but people are truly struggling with this stuff at every client I have and organization I know of. External sharing is an embarrassing process - not the beautiful experience demoed at places like Ignite. I'd love to be able to point people to a regular set of updates from you guys showing how you're moving the ball down the field.

      • Richard Griffiths commented  ·   ·  Flag as inappropriate

        Anyway to forbid the creation of a personal account if a work account of the same email already exists in your infrastructure?

        And if a personal account exists, creation of a work one triggers an optional process of migration from the personal one. If the user says No to this, don't create the new work one?

        I'm going to try deleting the personal one and force any resources that use it to accept the work one - as they're both the same email - such a bad idea that was :).

      • Neil G. commented  ·   ·  Flag as inappropriate

        typo "- and it does solve the UX, but so far Azure B2B invitations still generate the error".

        Sorry about the two typo's.

      • Neil G. commented  ·   ·  Flag as inappropriate

        Ariel,

        Thank you so much for posting an update.

        I'm not sure if you know but this issue is not just cosmetic/UX.

        Azure AD B2B invitations will not work, and often times SharePoint online external sharing requests to an email address don't work. Oh - and Exchange online Message encryption sometimes has issues too.

        I have just finished suggestion #2 - and it does solve the UX, so far Azure B2B initiations still generate the error
        "Error Message: Multiple users contain this email address"

        Azure B2B specifically addressed in my feedback:
        https://feedback.azure.com/forums/34192--general-feedback/suggestions/15179097-azure-b2b-fails-for-end-user-on-invite-when-liveid

        And also posted in tech community here:
        https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/Help-AzureAD-B2B-Error-Message-Multiple-users-contain-this-email/m-p/132377#M343

        Many old services and most new Azure and O365 services expect there to be only one "username" even when they search both AzureAD and LiveID directories. :(

        Thanks again for updating us!

        -N

      • Ron Pitts commented  ·   ·  Flag as inappropriate

        Hi Ariel,

        Thanks for the update.

        Fully understand the various systems in place so some good work done so far.

        We got stuck the other week when one of our developers used the work account when completing a MS Partner individual account and ended up not receiving the MSDN benefit since previously this only worked with personal accounts (we ended up recreating the account again but as a personal account).

        It would be good to have a status page somewhere which indicates what type of accounts are possible (Work or Personal or both), e.g. MSDN = Personal, VisualStudio.com = Both, etc.

        The other issue is that when a problem arises its very hard to get the correct help from within Microsoft given the size and various teams this problem touches.

        Kind Regards,
        Ron

      • Anonymous commented  ·   ·  Flag as inappropriate

        Oh come on, Microsoft. This is a really really REALLY annoying "feature". Some, myself included, might call it a DEFECT. I only found this thread because one of our admins was trying to come up with a solution for the DEFECT. Unfortunately said admin came back empty-handed.

        When I originally signed up with my corporate email address in order to use the corporate MSDN subscription and stuff like that, all worked fine. However, suddenly when the company signed up for Office 365 my original _work_ account became a "private" account in the eyes of Microsoft. And what's worse, no option to merge them. Not even for IT department, it seems.

        How could this possibly happen? It's a corporate email address! There's no ambiguity about it whatsoever. There wasn't and isn't any intent on my side to mix private and work matters. I have a private MSDN subscription as well, yes, but that's registered on my _actual_ private email address. If it's the same email address offer at the very least the option to merge these accounts if you already go by the far fetched assumption that they ought to be private vs. work.

        And when you think that the mess couldn't get any worse, sysdev.microsoft.com, a site _dedicated_ to corporate partners, you can't even log on with a known email address which is already bound to Office 365. Oh really? So for work matters on a website dedicated to work matters I _have_ to give a private email address (or in other words, an email address unknown to O365). What the heck?

      • Jim commented  ·   ·  Flag as inappropriate

        I just signed up for Exchange Online using my existing live.com account email address and now I can't use that email address for an Exchange account on my Surface Pro 4. I ended up having to use IMAP to access my new Exchange email service.

        Also if I log into live.com with my account the site crashes as it tries to bring up the Outlook.com email site. A fine mess.

      • Ian Beyer commented  ·   ·  Flag as inappropriate

        Ran into this with a customer site just this morning. The entire company has Microsoft accounts for logging into Windows 8, and since doing that, they have implemented O365. Users didn't realize that they had two separate and effectively unrelated Microsoft accounts under the same e-mail address. When receiving invitations to be external users on THEIR clients' Sharepoint sites, sometimes that invite would be accepted while the browser was logged into the Microsoft account instead of their O365 account. Cue the trouble tickets when users can't access internal sharepoint because they're logged into their Microsoft account to access their client's SP site.

        And it happened with my own partner account a few weeks ago. It's utterly absurd that partner accounts are tied to Mirosoft personal accounts, and that Azure credits, MSDN or Action Pack accounts, VLSC accounts, etc, are also still tied to a personal accounts. When redeeming partner usage credits on Azure, I had to create an Azure account under my Microsoft account, redeem the credits, then open a ticket to have the credits moved to my company's O365 based Azure account. That cost me time, it certainly cost Microsoft time and resources. In late 2017, WHY IS THIS STILL A THING?

      • Thomas Wismer commented  ·   ·  Flag as inappropriate

        It is now almost the end of 2017 and I can find no evidence of any real progress with regard to the 2015 promise of working to add support for organizational accounts with MSDN, VLSC, or MS Partner resources described in point 2.

        This is a significant pain point for corporations looking to ensure that resources paid for by the company are secured with corporate not personal identities and I am frankly quite surprised that MS has allowed this situation to continue for so long.

        Could you please:

        Publish a definitive listing of all Microsoft services that are corporate consumable but do not support Work/School accounts and have the program managers responsible for those services provide their best guidance at how they expect enterprises to provision access to resources for corporate consumption using personal Microsoft accounts?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Any advice on how to access my live account? My liveID and office 365 account are the same and all of a sudden I can’t even access my liveID outlook. Shows a message saying something went wrong

      • Diane commented  ·   ·  Flag as inappropriate

        Has Microsoft fixed this situation yet. I have been trying for years now to fix as I have different computers for each account and for some reason, I now can't access office365 on the computer set up with my old Microsoft account.

      ← Previous 1 3 4 5 10 11

      Feedback and Knowledge Base