Azure AD Identity issuer MicrosoftAccount

Question

In our tenant my user has multiple identity issuers. Other users have just one. In case of my user there is an issuer that is the same what other users have and there is an issuer named MicrosoftAccount. In case of the MicrosoftAccount issuer the Sign-in type is federated.

What does this mean? Why it is added to my account? What advantages it has and can I add it for other users too?

Answer 1

Identity Issuer with a value of Multiple states that the user has multiple issuers. You can get the details of the issuers (Identity Issuer) as well as a few other information like Sign-In Type and the Issuer Assigned ID once you click on that "Multiple" hyperlink under the Identity Issuer column.

What I have observe is there is basically three identity issuers.

1. {TennantName}.onmicrosoft.com
2. ExternalAzureAD
3. MicrosoftAccount

• {TennantName}.onmicrosoft.com: we get this identity issuer when we add any member to Azure AD.

• ExternalAzureAD : This identity issuer we get when we federate a user from one tenant to another tenant. Its user type is guest users.

• MicrosoftAccount: This identity user we get when we send invite to any user (any email it could be) and it should be accepting the invitation from user side.

So based on above explanation your account identity issuer is Microsoft Account so you should be guest user and you already accept the invitation.

Suppose If you are not accepting invitation, it should only shows {TennantName}.onmicrosoft.com identity issuer in the portal.

In the above screen shot Rahul Shaw identity issuer was showing only M3XXXX7257.onmicrosoft.com once I have accept inivitation it showing **Microsoft Account** as well.