azure, single-sign-on, office365, azure-active-directory, windows-live

Software development start-up: Signing into Microsoft services


We are a start-up software company with around 15 developers. We are almost entirely using Microsoft's technology stack.

A problem that we have at this point is the confusion between signing into Microsoft's online services.

Each developer has two accounts: an Office 365 account and a Windows Live account. The Live account is created from the Office 365 account's email address. So, essentially, we have one email address but two accounts (and thus two passwords).

[Image: Microsoft Sign In Services]

When logging into an online service, we are often greeted with the following:

[Image: Microsoft account or Work or School account]

For many, this becomes a hit and miss with their various passwords until access is granted. From what I understand:

Next, can Azure Active Directory help us in any way here?

Are we able to somehow unify our accounts so as to have a "single sign-in" for Microsoft's online services?

EDIT:

Further comments on Dushyant Gill's answer below.

If we don't need to register our Office365 accounts as Live accounts, then how would I typically add a user to the Azure Active Directory?

When creating a new user, I only have three options:

[Image: Add User - Azure AD]

I guess the last option would be the correct approach if we wanted to move away from Live accounts. I want to add a user to my Azure AD from my Office365 AD?

When I try to do this, I get the following error:

[Image: Add User Error - Azure AD]

Do I have to link the directories somehow?


Solution

  • davenewza, yes you can take action to improve the experience here (it won't be simple - but given the number of users in your company - it shouldn't be that difficult)

    First, your company already has an Azure Active Directory - it is the directory behind your Office 365 subscription. Azure AD authenticates your company's users when they sign in to Office 365 services.

    Second, you should use your Azure AD accounts (work or school account) to sign up and access other Microsoft services that are meant for businesses: Microsoft Azure, Visual Studio Online, Microsoft Dynamics etc. The disambiguation screen that you see (pasted in your question) only shows up when you're signing in to a service that supports both Azure AD as well as Live accounts. So, move your Azure and other business services subscriptions to use Azure AD accounts and as a thumb rule - your company's users will always select the 'work or school account' option (if ever they see that screen).

    Finally, let's get rid of that screen altogether: do you really need the live accounts to run your business? (what Microsoft services are you using that need live accounts?) If none, great - once you've moved your subscriptions to Azure AD accounts - get rid of the live accounts. If you indeed need them - change their emails (add an _live suffix to them) - as it is, you have two passwords - different user names will reduce confusion.

    Note that the second step will require you to call Microsoft support (or file online tickets) to move subscriptions for some services - however the risk of downtime is low because you already have Azure AD accounts - you might need to reconfigure permissions once the subscriptions are migrated.

    I am with the Azure AD team - get in touch with me if you're stuck - contact me on http://www.dushyantgill.com

    Best of luck.

    ps: we are working to improve this experience - such that folks like you don't end up in this position in the first place. Stay tuned.