Cannot connect Azure DevOps organization to Azure Active Directory

Question

I have created an Azure DevOps organization. I have created it with my outlook account. I want to connect it to Azure Active Directory (AAD), Default Directory, on my Azure portal. I am using the free account on Azure portal which allows me to have one subscription. The AAD directory is shown below:

I want to connect my Azure DevOps organization to Azure Active Directory. I am using the same user in Azure portal and Azure DevOps. I have basically created both by the same account. I am following the instruction at this link to connect Azure DevOps organization to Azure AD. I emphasize that in my case both are created by the same email. However, in Azure DevOps Organization settings, by clicking on "connect directory" under "Azure Active Directory", I get an error that: "User myuser@outlook.com is a guest in the target AAD tenant Default Directory. The current organization policy does not allow guest users to access the organization. Change the policy setting to allow external guest access and try again."

This is what I see at organization settings in DevOps:

This is the error when I try to connect it to AAD:

When I check my user in Azure Active Directory I can see it has global admin role, and is a member, not guest! It is after all the user by which I have created this account and all the resources: (It is the user on the second row:)

As mentioned earlier, this user has global administrator role:

I also tried changing my policies at AAD side to be able to connect my DevOps project to AAD, but again it fails. This is how the policies are:

I basically don't know what else I should do to connect DevOps to AAD. Any help is appreciated.

Answer 1

A solution that doesn't require creating a new Azure DevOps organization

Due to the fact that all solutions suggest creating a new organization - which is not always possible, for example due to the requirement of using a new name - my solution doesn't require creating a new organization.

1. Go to the Azure Active Directory service in your directory and create a new user.
2. Add the newly created user to the Azure DevOps organization (the email might look like tempadmin@myorg.onmicrosoft.com).
3. Log in with this user (tempadmin@myorg.onmicrosoft.com) in incognito mode in your web browser to the Azure DevOps organization.
4. Go back to your Azure Devops organization (logged using Microsoft Account) and transfer ownership of the organization to the newly created user (tempadmin@myorg.onmicrosoft.com).
5. Remove unnecessary users (optional).
6. At this point, you can link the organization with Azure Active Directory.

Once the organization is linked to Azure Active Directory, you can change the organization's owner and remove the temporary account from the organization and AD (tempadmin@myorg.onmicrosoft.com).

Answer 2

Switch to right Directory when creating new organization in devops:

Answer 3

Click on the link and Change the Microsoft Directory To Default Directory. This solves the issue.

Answer 4

I actually read the answer many times but still did not understand. After spending a lot of time I realized after deleting my organization when we are on dev.azure.com when we login we need to select the right directory in the popp-up.

Answer 5

When you log in to Azure DevOps, it logs in with Microsoft Directory.

You need to switch the tenant to your default directory

Then you would be able to link your Azure AD tenant to your Azure DevOps Organization