Login Error Upon Initial Enterprise Registration
Table of Contents
Scope:
The following document will show you how to fix the error upon logging in for initial enterprise Registration.
Requirements:
- Global admin access
- The latest version of PowerShell (7.1.1 as of this writing)
Solution
This error can occur when a Microsoft Office 365 tenant was created incompletely. A specific Azure AD addition is needed to allow Teams phone services to be configured and managed.
This can be accomplished by executing a PowerShell Azure AD command. This must be done in conjunction with the Enterprise admin, or the GA credentials must be available because the command is executed by (or on behalf of) the Enterprise GA.
- Start PowerShell as an Admin user (run as Administrator on windows, ‘sudo pwsh’ in a Terminal on Mac).
- You need to install the Az module with this command:
Install-Module -Name Az -AllowClobber
- You need to connect as the Enterprise GA. There are two options for doing this.
- Option A: Let PS make you login in a browser window with this command
Connect-AzAccount -UseDeviceAuthentication
- This should present you with a URL (probably https://microsoft.com/devicelogin) and a code - open a browser window with that URL and enter the code. Then you will log in as the enterprise Global Admin as “usual”. Go back to the PowerShell window and you will see it showing you logged in after a few moments:
- Option B: Enter the command ‘Connect-AzAccount’ - this may automatically popup a browser (Safari, if you are on a Mac) and ask for your Enterprise Global Admin credentials. Or, it may give you an error. In which case you should use the first option.
- Finally, you can enter the command that associates the Skype For Business service to the Enterprise account, the way it should have been all along. Enter this command:
- Finally, you can enter the command that associates the Skype For Business service to the Enterprise account, the way it should have been all along. Enter this command:
New-AzADServicePrincipal -ApplicationId "39624784-6cbe-4a60-afbe-9f46d10fdb27"
- The result will look something like the screenshot below. After you see that “Warning” it may take a while for the prompt to return, but once you see the prompt the Enterprise GA should be good to login to the EPP.