Great news: no more Azure shadow tenants

I told you how difficult it was to get rid of my three Azure shadow tenants. The good news is two-fold:

  1. If you get invited as a guest to a Teams team, Microsoft will give you many opportunities not to create a shadow tenant.
  2. If you have an inactive Azure shadow tenant, Microsoft will eventually retire it.

This is the workflow Microsoft runs through to verify your identity:

@merill, Microsoft Program Lead for AzureAD

OTP (One Time Passcode) is a new feature, turned on by default, which logs you in. If the customer has disabled the feature, you can still create a Microsoft or Azure Account. If you have a Microsoft account, you are good to go either way.

That means I can now accept Teams invitations without creating shadow tenants. Yay!

I defeated the Azure end boss

I am so pumped. Yesterday I managed to finally delete all three of my Azure shadow tenants. What is a shadow tenant? Come sit by the fire and I will explain.

Microsoft has this schism between Microsoft Accounts and Azure Accounts. For some products Microsoft creates an Azure Account when you log in with a Microsoft Account if it believes you are a potential enterprise client. This happened to me when I had first contact with Microsoft Teams. A co-author wanted to collaborate via Teams when authoring an article and invited me to his Teams team as a guest. I logged in with my Microsoft account and from then on I would always be asked if I wanted to log in with my personal or my business account.

OK, that is only one question to answer, but you suddenly have two accounts to secure. And the terrible thing about these shadow accounts is that when anything goes wrong you are being told to contact your admin, but there is no admin. You are on a cruise ship without a captain. You never wanted to own a cruise ship. In fact, you only wanted to cross the river to get to the other side.

My first Azure tenant was ‘vowenet.onmicrosoft.com’. I learned how to become captain of this account and it involves signing up for a free PowerBI trial (yes, really!) and then publishing a TXT record to your DNS (yes, really!) and the next time you log in, you will be asked if you want to be admin. Yay! I created a new admin, deleted the twin of my Microsoft account, and failed at deleting the Azure tenant.

I got my second Azure tenant when I signed up for the free Teams account in 2020: ‘vowevowenet.onmicrosoft.com’. This tenant hosted the Circus team. I cannot remember how I became admin, but it was probably the same detour as the first time. Last week I retired the Circus team which had caused me quite a bit of admin headaches and tried to delete the tenant, and I failed again.

But this time, I pressed on. Microsoft would not let me delete the Azure account although I was Global Admin (god) because I presumably had a subscription active. I totally understand that Microsoft makes it difficult to sink a cruise ship, but remember, I never wanted one in the first place. It would not show any licenses in Azure Active Directory, but I was looking in the wrong place. I had this free 300 people Teams subscription, but that is in Microsoft 365 and not (directly) in Azure. Once I found the subscription, I went through a deactivate/delete operation and had to wait 3+ days for the deletion to go through, but then finally, I checked out OK and could remove the second Azure tenant.

I had also started the deletion process on the dormant first shadow tenant. The roadblock was a free 100 people Teams subscription, from the days back when I first had contact with Teams, only as a guest. Removed the second Azure tenant. Yay.

But wait. When I logged in again it still asked me Microsoft Account or Company account? There was another shadow tenant hiding in the shadow (pun intended). I went to the AAD portal and found vowenet0.onmicrosoft.com. I have a hunch that was created when I trained for my Microsoft Azure Architect certification. I was in full swing. Start PowerBI free trial, accept admin duties, publish DNS record, take over the tenant, remove all free unused subscriptions, remove tenant.

Bingo. Three shadow tenants down and I am free. No more question for personal or business account.

Sidenote: Windows 11 comes with a personal version of Teams, which is completely useless. You cannot talk to Skype contacts, you cannot talk to work Teams, it’s just another version of everything. Don’t waste your time and just delete it.