This weekend I wanted to create a new App in Azure so I could help a local nonprofit automate one of their donor relations processes via email through Office 365.
So I tried registering an app by visiting the App Registration Portal. I signed in to my personal Microsoft account, clicked ‘New registration’, then was greeted by this page:
I thought that was a bit strange, since I shouldn’t have any restrictions… but then I noticed it listed [redacted] School as the reason I couldn’t do this.
Then I noticed under my username / account info, it had my personal email, but it showed me as being a member of ‘[redacted] School’.
I guess somehow they threw me into their system, so surely there’s a way for me to sign out of that back into my personal account, right?
Wrong.
First I tried going to the My Account portal, as suggested on the support page Manage organizations for a work or school account in the My Account portal. I entered my username and got:
Okay… well this is weird. And yes, this is my personal account. It was created when I transitioned my Xbox LIVE account to a Microsoft account on 2014-03-07 (the LIVE account was created back in 2006, and neither it nor my Microsoft account were ever joined to any other domains).
So I clicked my username and saw it is listing my daughter’s school under my account email:
I saw a handy ‘Switch directory’ link so I clicked that.
Unfortunately, there’s only one directory listed… “[redacted] School.” So I can’t change directories.
Searching around, I also found the URL https://account.activedirectory.windowsazure.com/, so I went there and tried logging in… but got:
So at this point I didn’t know what else to do. It’s a weekend, so I probably won’t get ahold of the school’s IT person who could help on their end.
Somehow, the school ‘adopted’ my personal Microsoft account, and now I can’t do anything in Azure with it. At least my Xbox Live account and Windows licenses are still working—but could the school revoke that access too?
I have no clue how I got in this pickle. I certainly don’t remember receiving an email saying:
Dear Jeff Geerling, are you okay with [redacted] School taking over control of your Microsoft account and not allowing you to do anything in Azure anymore?
So how did it happen? And is there any way I’ll be able to regain control of my own account again?
And the bigger question: does this mean it’s possible for any org on Office 365 to forcibly adopt users on the platform who log in with their personal accounts?
I’ll update this post if I can figure out a way to regain control of my personal Microsoft account again. I also posted about it on Twitter, and there are others who mention similar stories of woe.
Hopefully [redacted] School can help here. But they shouldn’t be able to do what they did in the first place—Microsoft Azure’s insane Active Directory behavior isn’t their fault!
Update: Following @NeilTheMann’s advice on Twitter, I went to https://myapps.microsoft.com and logged in there. Then I clicked on my ‘JG’ account info, and at the bottom of that profile pane, it had a link to ‘Manage organizations’. On that page, I see:
I clicked ‘Leave’, then got this nice scary warning page:
I’m assuming “deletion of your data” only includes any information that might be associated with the school… hopefully not the rest of my Microsoft account!
Now if I visit ‘Manage organizations’ I get an error:
…and now if I try doing anything in Azure I get this warning:
And my account now shows “RESTRICTED TENANT”:
So I think I just screwed myself out of even minimal access to Microsoft Azure.
🤷♂️
This experience certainly doesn’t recommend Microsoft Azure.
Update 2: It gets better. Now I can’t even log into myapps.microsoft.com:
However… I am now able to Register an Application in my personal account—though every page on Azure gives me this big ugly error message:
The rabbit hole goes deeper still…