
It looks like [email] is used with more than one account. Which account do you want to use?

- Work or school account

- Personal account

I get this prompt every time I try to log into Azure with my work email. If I choose the work account (the most intuitive option) my azure subscription list is empty. I have to log out and select the other option.

Why is there a difference and why isn't this transparent? I am authenticated, you know who I am, give me access to the things I'm authorized for. I don't know what kind of weird backend situation MS has, but asking me to understand it is terrible UX.




Back in the days MS used to allow you to create a "Microsoft Account" (MSA) using any email, including an email that's already associated with Azure Active Directory (AAD work or school account).

This was a mistake and has been patched. But it looks like an MSA was created using the same email as your AAD before the fix.

Thus, from MS's perspective, there are two distinct accounts under the same email, hence the UX. It's really quite a mess, and yes the situation is weird. We're working on it to make it better.

Try transferring the subscriptions to your work email using this method https://docs.microsoft.com/en-us/azure/billing/billing-subsc...


Thanks for the clarification. I'll give this a try... maybe on Monday. This seems like a Monday task.


that is just a microcosm of how bad the situation is. I dont think microsoft fully understands how impossible it is to have a conversation with a lay person using microsofts correct terms. "no not skype, what you want is skype for business (a completely different unrelated product), then you want to access a folder in your microsoft office 365 group team site document library (no not teams, thats different) through the onedrive client, unless in this case you want to use the sharepoint app, err no the onedrive app, err no the OUTLOOK GROUPS, no not the outlook app, the outlook groups app (not office groups??? why????) app because the sharepoint AND onedrive app dont have that feature. You can access your group team site onedrive files from sharepoint, or outlook groups, or onedrive, but if you use the teams app you can only see the files stored in channels, which are the same as folders in your onedrive/sharepointteamsitedocumentlibrary except they are also chat rooms in teams. If you want to scan something you need officelens or onedrive, but not sharepoint or outlook groups because they dont have a scan button nor teams, because that cant upload to groups/channels/subfoldersinteamsitedocumentlibraries, so you need onedrive which has a scan button. once you open onedrive (ios) you need to click sites to get to groups, because groups are in the sites tab, even though no other onedrive interface uses the sites nomenclature, nor is sites often used sans teams. then click the group name, then click documents (because thats the only option unless you make other document libraries. if you make non shared20%documents libraries, they are inaccessible from some clients such as OWA/attachgroupfiles. so dont ever ever make them, but you will still have to click documents every time you click the group. every time.
but if you want to make another document library to partition some large files into a different document library, to prevent accident giant syncs of data, you will need to click sync again. for every document library. on every persons computer.) If someone scans something to the root of the shared20%documents folder, its inaccessible from teams because it didnt make it to a channel. And if they made a different document library, its roulette whether or not various clients can see it or if they just autoassume shared20%documents. Oh it looks like you did all this is in your microsoft account not your office account, now you have to start over and cant move your data automatically. Yes Im sorry that onedrive personal is different from onedrive corporate which is different from a (onedrive) office 365 groupteamsitedocumentlibrary.... ... here let me teach you the EASY WAY to do this. MEMORIZE tenent.sharepoint.com/sites/groupname/Shared%20Documents, and just type that right into the address bar, its much faster to MEMORIZE that string than it is to navigate the user interface. i promise you should memorize it to save time. no really im not kidding, i implore you to memorize the url structure instead of learning the interface. fine, we can continue, lets walk through all the clicks one more time.

then onenote gets involved in the mix, which gets stored in onedrive. but the surface pen can only call the onedrive that accesses onedrive personal (msa) not onedrive individual corporate, because there are two onenotes, one built into windows one into office. the pen eraser can not be reprogrammed to use the PAID FOR CORPORATE onenote, just the free app. so never click the button on the only peripheral of the three thousand dollar computer you just bought, because it will lead you somewhere you dont want to go. so now onenotes are stored in the wrong onedrive. also for some reason your computer still has the onedrive for business client, formerly, sharepoint sync, formerly groove (acquired from ray ozzie who also tortured you introducing Lotus Notes to the world, back in the day) which is deprecated, lets update you to onedrive, formerly live mesh, but now the correct client to use to access your aad onedrive for business. yes im sorry, one drive for business is no longer developed but you use onedrive not for business to access your onedrive for business which is different from your personal onedrive, and also different from groups. yes you could use the share feature to share documents in your individual (corporate not personal) onedrive with others, but the more correct way to sustainably collaborate is by using group onedrives. and yes, you still have to click sync for each group/document library again on your second third and fourth computer, because sync settings cant be stored in the cloud or pushed to other users. if you want to mount your group/onedrive/sharepointteamsitedocumentlibrary as a drive letter without caching and syncing it we need to install a third party zeedrive service, because windows cant remount sharepoint drive letters on reboot well.

and microsoft wonders why people prefer dropbox/box....

tldr: teams vs teamsites (completely different). i can add people to groups or teamsites from outlook groups or teams, right? yes you can add people to teamsites from teams, but they are completely different things. msa onedrive vs aad onedrive vs group onedrive (not called a onedrive usually but accessible through the onedrive web/windows/mobile client using the onedrive api.) onenote vs onenote 2016. skype vs skype for business. channels vs folders, vs document libraries vs teamsites vs groups vs teams!>??!?! :( :( :( seriously why the fuck does my phone have onedrive, sharepoint, outlook groups, outlook, AND teams to get to files stored in and out of my office 365 groups, oh and lens can only scan to my aad onedrive, not a group. no messages cant pass between exchange, yammer, teams, and skype, except when they sometimes do poorly between teams and skype (for business of course, not skype.) why is outlook groups the only app with a follow button. from why when i follow an office 365 group team site document library (what should be called a group onedrive!!!) does it NOT show up in either onedrive nor sharepoint. why is the follow button different in teams, outlook groups, and the sharepoint web interface! yes there is a desktop teams app, but its really a copy of chrome without any chrome running web app locally on your computer, using a technology called electron which packages a client version of a javascript engine repackaged as a server repackaged as a client. i digress. but its sure not .net. and yes they use chrome, not edge. which isnt internet explorer. nor file explorer.

remember that time Bill Gates tried to download something off Microsoft's website. He should try using Office 365 for a week with a team of people. (http://blog.seattlepi.com/microsoft/2008/06/24/full-text-an-...)


And then there's the interesting conversation that ensues when someone says they can't send mail in outlook. Outlook on the desktop, for windows or for mac, or maybe on the web, either outlook.com or outlook for business or outlook web access, or perhaps on mobile, on windows phone or android or iOS. All of those things are very different. It seems like writing a new outlook is the break-in project for any new team in microsoft, cause they have more outlooks than they know what to do with.

If you want to know what outlook you have, here's a handy article they made to help you figure it out. Mind you, they forgot about outlook for windows phone, but with that many outlooks who can blame them?

https://support.office.com/en-us/article/What-version-of-Out...


Funny how they have that problem of one name for a bunch of things, but also the problem of many names for the same thing.

When you say Outlook account, do you mean Hotmail? Outlook.com? Live.com? MSN.com? Microsoft Account? Windows Live ID? Windows 10 login? Windows phone login? XBox login? .Net Passport?


dont even get me started about the difference between follow and sync, and that you have to press sync for each document library you make, which includes each group you make, and no you cant just turn on sync for each person you add to the group, they both need to sync to their windows client, and follow so it shows up in their mobile app.

so the new sync process. go to office.com, sign in, click mail or onedrive. click the group. if mail, click files. now it brings you to a list of recent files as shown on a client served by the exchange server. to get to the correct sharepoint served web client, you need to click browse files in the upper right corner. no dont worry, your folders arent gone, the exchange client just brilliantly collapses the entire structure and shows only the files, in order of most recent. once you get onto the sharepoint server your folders will reappear. then click sync, then click allow, then yes, then sync now. then wait. if i add 30 people to a group, i have to walk all thirty through syncing and following. and dont worry as soon as i train them the sync button will be renamed. my new favorite one. there are now THREE terms used in different spots that all lead you back to the office 365 group team site document library (aka group onedrive.) they include: Open in Sharepoint, Browse Library, and Go to Site. For some damn reason, in the teams app "Open in Sharepoint" is the term used to launch the onedrive group web client, but in exchange its Browse Library or Go to Site.


This happens with "Visual Studio". When someone says "Visual Studio" won't work, do you mean VS Enterprise or VS Code--two totally different products. Come to find out they really mean visualstudio.com which is sometimes called VS Online or more like VSTS (Visual Studio Team Services). Some people who have been around just refer to it as TFS (Team Foundation Services) but that is more closely tied to TFVC (Team Foundation Version Control) but VSTS supports Git.

It's a mess.


I love analysis like this that does nothing more than describe how something is implemented. The most effective criticism is that which simply describes and doesn't editorialize. This comment is a perfect example of how the divides between teams at large companies results in absolute absurdity for the user.


This is why I majored in CS. IT is way too confusing.


It's a marketing and ux problem. Microsoft is terrible at picking good proper nouns for products. Groups, teams, etc. Why is it Office Groups but Microsoft Teams? Is Microsoft ToDo part of Office? Why is Teams basically Skype/Lync+Sharepoint but not Office?

Enterprise Architecture teams have their work cut out trying to describe the choices they make.


I'm thinking Microsoft is just terrible at saying NO. Especially NO to certain naming, feature and product requests coming from marketing. It needs more architects with decision power for each product line that curate and focus their efforts.


> Microsoft is terrible at picking good proper nouns for products.

I wonder if there's a sort of internal fighting for each team to squat on the "best" names for their product or service. Basically a Dilbertian confusopoly [0] where the goal is to make your project sound like "the obvious choice" regardless of its merits, with "Microsoft" on the front as the only way it stops being impossible to trademark.

I imagine other large companies struggle with this as well, although Amazon seems to have taken to the other extreme [1].

[0] https://en.wikipedia.org/wiki/Confusopoly [1] https://www.expeditedssl.com/aws-in-plain-english


thats exactly whats going on. http://ritholtz.com/wp-content/uploads/2013/07/2011.06.27_or...

Branding teams and divisions are getting in the way of coherence and usability. I think ONE of the worst right now is the OneDrive vs SharePoint back and forth. First they were kind of hiding the SharePoint name, and renaming everything onedrive. SharePoint Workspace, formerly Microsoft Office Groove, became OneDrive for Business (because it was the client sync tool, not a server.) Now it's making a comeback and certain things are "not" OneDrive, such as 'Office 365' Groups '''SharePoint 'Team Site'' 'Document Libraries''

At least in the Mail world the divide MOSTLY makes sense. Outlook is the Client, Exchange is the server. Yes, the OWA web/javascript client streams from the server and renders in your browser, but otherwise the divide is mostly intact. You NEVER see an Exchange app, and you rarely see the word outside the content of "connect to this server." The SharePoint branding team on the other hand cant handle being the server only and has now forced a SharePoint app that is like some bastardized fork of the OneDrive app. They mostly do the same thing, but not quite. Microsoft needs to draw a line and say "OneDrive = Client, SharePoint = Server" and try and not cross it. The OneDrive web client should be an interface that streams from the SharePoint server to your browser.

I wish they would have left 'Lync' as the "server" to the various clients.


Part of the problem instead of the solution. Yup :-P


This could be resolved by sending an email notice telling people exactly what's happening and giving them the option to collapse their personal/non-work Microsoft accounts into the current work/managed accounts.

If it's a company domain then there's not much reason to have personal account with the same work email address.


Google does the same thing when a customer previously used their own "branded" email for Google services, and then switches to use G Suite (formerly Google Apps).

Every login will prompt to select the organizational account, or the personal account.

Not sure why only MS is being called out for it ... they probably modeled their system after Google.


That's not what Google does. (Edit: It sounds like Google used to do this. I switched to G Suite very recently and did not end up with an account in this state.) If you have an existing joe@example.com Google account and then sign up for G Suite as the owner of example.com, what happens is the old joe@example.com account gets divorced from its email and given a new temporary name. You can then change it to a new @gmail.com but that change is permanent.

Unfortunately you cannot merge. Google services will have an option to switch between the different accounts. The priority order is shared, and to change the order you have to log out of all your accounts and log in again, with the primary account first. I decided to keep my @gmail.com account first, so I only have to switch to the @example.com account when I check GMail.

Could be much better, of course. I was personally a bit frustrated with the process.


> That's not what Google does

I mean, that is exactly what Google does. Google does allow the change you listed above, which is nice. But if you don't explicitly change your accounts, you keep getting the "pick an account" screen on every single login, just like the parent described, and just like Microsoft shows users too.

Google's UI for it looks like this : https://lh3.googleusercontent.com/-_g4V2wYd-SI/VrZF-5K2yCI/A...

Which is very similar to Microsoft's UI for it : https://docs.microsoft.com/en-us/azure/active-directory/medi...


To clear up the confusion: Google has that UI, but it's legacy. They no longer allow you to get your account into that state; new G Suite accounts and personal Google Accounts can't use the same address.


Yes, they can; you register a Gmail account as crb@example.org, proving you control that e-mail address.

Then, an admin who proves they control the entire example.org domain registers it for G Suite, and creates a 'crb' user.

You now have a conflict account situation: https://support.google.com/a/answer/7062710?hl=en


How legacy? Personally I made this change/split maybe 12-15 months ago and still get the prompt. I'm also pretty sure I had a client with this same issue recently, although I can't confirm with certainty. I routinely migrate clients TO G Suite which is why I have some first-hand exp here.

Also, when signing up the Google system will not allow you to use the same email (if it's registered) but once you "take over" or verify domain ownership, you can then claim / use that address - which I believe creates this situation.


This is the correct answer. I get prompted every day.


Hm, maybe I just divorced my personal account early on and forgot about it. I remember it being frustrating. Does Microsoft not allow you to do this?


I got into a confused state with my Youtube account where I have two accounts linked to the same Google account. One of them lists all my subscriptions but doesn't allow me to comment. The other one can comment but says it has no subscriptions on the sidebar but I can see all of my subscriptions if I click the subscriptions button.

I occasionally have to perform some bizarre incantation once in a blue moon to switch accounts when I want to comment on something and then switch back so I can see my subscriptions again.


If Google had the same terrible UX, I would rant about that as well, but I've never had a single problem with any of my Google accounts. I cringe every time I have to do any type of maintenance on one of my MS accounts because I know it's going to be terrible, and it always is.


They both use OAUTH2, which is a web standard.


As I understand it, the work account is actually tied to your company's office 365 subscription or something like that.

The private account is the one created by you.

If anyone knows the exact difference, please explain! Would be greatly appreciated.


As you said, the Work/School Account is one provided by your employer (normally), and usually comes from Active Directory (or AzureAD).

The Personal accounts (also called Microsoft accounts/IDs or Live IDs) are the ones you as an individual create directly with Microsoft. The prime example would be people who've had a Hotmail account for ages, and that eventually became a Microsoft account.

The confusion comes because since a couple years ago, you can create Microsoft accounts with any e-mail that you own, be it personal, from work, hosted in gmail, hosted by your employer, hosted by yourself... You name it. So it is possible to create a Microsoft account with your work e-mail, even if your work e-mail also has a Work/School Account tied to it. All the notifications for that Microsoft account will go there, but they are not for your "Work/School Account" (also referred to as Organizational account), they are for your personal one.

Yes, it is a mess. After a while I got used to it and now I'm comfortable navigating all my identities, but it can be very annoying when you first encounter it.


It's not just annoying, this can cause authentication to be broken in subtle ways.


Indeed - heaven forbid you try to sign into Azure Storage Explorer with both! It invalidates the other (workaround: use a SAS)


Yes, but as a consumer I don't care about that differentiation.. Just make it transparent.. merge my authorization rules or something...

Gawd.. You're microsoft, you can create a whole new security protocol. Don't have this half baked persona solution.

If you can't figure this out, it really reinforces the reason for every time we come across something in Azure where we're like wtf isn't this feature supported?


I'd wager there's something enforcing that distinction such as licensing rules for products you might have access to.

But, ultimately, those licensing rules may be under MS's control as well. Even if they aren't, it sounds like it has a significant impact on their service's design and usability, so it's in their interest to make a change somewhere.


Your 'work/school account' is managed by your work. They can close it at any time, and you would no longer have access to it. Your personal account via the same email address is an account you created with Microsoft. Even if your work/school take away your email address, that account will still exist (just that if you no longer have access to that email you won't be able to retrieve password resets or whatever for it).


It doesn't matter. A collection of roles/claims are associated with each account, resulting in different authorization profiles.

Just merge them into a single collection and have my experience be dictated by that merged collection. With how entrenched they are with the Enterprise world, they should have foreseen this scenario and designed their family of products to facilitate this seamless merging of authorization rules across disparate accounts.


This.

Because user stories aren't: "I want to access my Office365 work account" or "I want to access my personal Microsoft account".

They're: "I want to edit or download a file I have access to in the Microsoft cloud" or "I want to find a file I have access to".


Work or school is a federated option, using ADFS to do the authentication using your company's Active Directory info. If you choose that, when you enter your work email address, it'll redirect you to your company's ADFS login page. It's used a lot with Azure AD.


That's a nice theory, but we don't have office 365 and I didn't create the account haha.


The 'non-company' account is created manually by signing up for a new microsoft account and then clicking the activation link in the email you receive.

The school/work account is somehow created by a company administrator, but I don't know exactly how or where.


This sounds right. So this prompt is essentially asking me to tell them which buttons my boss pressed when he created my account.


I just went through this exact thing last night when I had to remove an old Azure and Outlook 365 subscription that I stopped using months ago. It literally took me 4 hours to figure out how to get into all the correct accounts to remove the active directory users from Azure, remove all the user subscriptions for Outlook 365, remove my Azure subscriptions so I could stop being billed and then finally delete my domain from GoDaddy.

Coupled with the fact that I'd enabled 2FA made for a ridiculously poor user experience. By the end of the process I was so pissed off, I'm not sure if I'll ever use Azure or Office 365 again... we'll see.


It is just a result of poor planning, technically they are two separate accounts. https://blogs.technet.microsoft.com/enterprisemobility/2016/...

They did add an option so you can change your personal account's email address so you don't have to deal with account namespace issues.


every freaking time...

The other day I wanted to check if a windows key I had is still valid for another fresh installation before wiping my HDD. I don't even remember the whole endeavour, but I had to install some specific MS software for it...

Amazon manages to keep multiple accounts of mine, with the same email, but different passwords.


Amazon does this because, when it was founded, it was common for entire families to share the same email account so they built in support for multiple accounts mapped to the same email address. I knew someone who was in charge of maintaining it and it was a legacy nightmare mess.


What's sometimes really bothersome to me, is when I had autologin in either chrome and/or my lastpass, and it would constantly push through the right or wrong password and/or account, because they're on different screens.

Though the more bothersome one in my mind, is that I can't login to gmail in chrome without attaching it to chrome... I don't want to attach my work email to my home chrome browser (which forces a couple extensions, and my home page). So I've opted to run both Chrome Canary (work) and Chrome release (home/personal)... It seems even worse UX when you have multiple google accounts you want to keep separate.

As to Skype, it's been weird since MS bought them, and I remember having great pain migrating/attaching to my MS account so I can have a single login, and it was just weird for some while.

Aside: I'm glad google domains includes DNS and email forwarders, so I can keep my really old domain emails forwarding to my gmail so I can on occasion recover old accounts.


We have office 365 but no personal account. I still get the question every single time... And it doesn't work well with password managers


Password managers tend to struggle when the login process is fragmented over 3 screens that include 65 redirects.

I use LastPass religiously, but I don't even try to make it work with MS accounts.


You'll need to go to your subscription settings in Azure Portal, and in the Access Control (IAM) options, you can add the other account as an authorized user of your Azure subscription. Once you do this, you can use your subscription from both accounts. It works kind of like Active Directory.



