Using old azure portal, I am able to navigate to Azure Active Directory. But with the new portal 'Portal.Azure.com', I am seeing 'Access Denied' error message.
This is the below exact message I am seeing in the portal.
"Access denied. You do not have access Looks like you don't have access to this content. To get access, please contact the owner."
If you use the external account to access Azure AD, such as MSA account(e.g. outlook.com, hotmail.com), and the account from other Azure AD tenant. You may experience the error message as below.
There are two methods to resolve this issue.
Method 1
Log in to new Azure Portal by using the account with Global Administrator permission for Azure AD. Navigate to the Azure Active Directory extension, from the User settings tab, toggle the setting Guest users permissions are limited to No.
Method 2
Log in to new Azure Portal by using the account with Global Administrator permission for Azure AD. Navigate to the Azure Active Directory extension, from the Users and Groups tab, search for the external account, and change the Directory Role to Global Administrator.
In my case the solution was different.
The clock on my machine got de-synchronized (lagging 13 hours behind) and when my browser was encrypting a security token to request a sensitive page at Azure Portal, this token was rejected by server and I received "Access denied" error page.
It seams like "time.windows.com" was providing a wrong world time to my computer (yes, it is insane) - I changed it to "time.nist.gov" via Control Panel / Date and Time / Internet Time / Change Settings. It immediately updated my computer with correct time.
Then I signed-out and singed-in to Azure Portal and it started working just fine.
