0

As of around February 2023, only when our forward web proxy solution is enabled, signing in to a Microsoft Account (personal / consumer) works fine in general (e.g., at https://login.live.com/) except for Microsoft Learn and Enterprise Skills Initiative (ESI) which doesn't recognise that the account is signed in, and attempting to sign in on the page seems to go through and work but actually doesn't, and the following error message is logged somewhere in the background:

{"error":"invalid_grant","error_description":"AADSTS500021: Access to 'Microsoft Accounts' tenant is denied.

Improve this question

1 Answer 1

Reset to default
0

We:

  1. Assumed that Microsoft had changed their authentication mechanism. Although, we found no documentation for this.
  2. Guessed from the error message that their dedicated 365 tenant for this was MicrosoftAccounts.onmicrosoft.com and confirmed it by checking https://login.microsoftonline.com/MicrosoftAccounts.onmicrosoft.com/v2.0/.well-known/openid-configuration (if it didn't exist, the content would start with {"error":"invalid_tenant").
  3. Added this to our 365 tenant restrictions' allowlist.

This resolved the problem.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.