Login Error AADSTS650052 Upon Initial Enterprise Registration


Problem

You have clicked on the Complete button in the invitation email, but after logging in to the Enterprise Portal with Microsoft credentials you get a red error message such as the one below, possibly mentioning a Microsoft error code AADSTS650052.


Solution


This error can occur when a Microsoft 365 tenant was created incompletely. A specific Azure AD addition (the service principal created in the final step below) is needed to allow Teams phone services to be configured and managed.

This can be accomplished by executing a PowerShell Azure AD command. This must be done in coordination with the Enterprise admin, or the Global Admin credentials must be available, because the command is executed by (or on behalf of) the Enterprise Global Admin.

First, you need the latest version of PowerShell (7.1.1 as of this writing). See this page for details about Azure AD usage, or just follow the simpler instructions below.

Start PowerShell as an Admin user (run as Administrator on Windows, sudo pwsh in a Terminal on Mac).

You should see something like this:

Second, you need to install the Az module with this command:

Install-Module -Name Az -AllowClobber

This will look like this (there is no output from the command):

Third, you need to connect as the Enterprise Global Admin. There are two options for doing this.

Option A is to have PowerShell prompt you to log in through a browser window, with this command:

Connect-AzAccount -UseDeviceAuthentication 


This should present you with a URL (probably https://microsoft.com/devicelogin) and a code. Open a browser window with that URL and enter the code, then log in as the Enterprise Global Admin as “usual”. Go back to the PowerShell window and, after a few moments, it will show that you are logged in:




Option B is to just enter the command ‘Connect-AzAccount’. This may automatically pop up a browser (Safari, if you are on a Mac) and ask for your Enterprise Global Admin credentials, or it may give you an error, in which case you should use Option A.

Finally, you can enter the command that associates the Skype For Business service to the Enterprise account, the way it should have been all along.  Enter this command:

New-AzADServicePrincipal -ApplicationId "39624784-6cbe-4a60-afbe-9f46d10fdb27"

The result will look something like the screenshot below. After you see that “Warning” it may take a while for the prompt to return, but once you see the prompt the Enterprise Global Admin should be able to log in to the ConnecttoTeams Enterprise Portal.
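
The last two steps can also be run as one guarded script. This is an added example, not part of the original article: it confirms that the session is signed in to the intended tenant before changing anything, creates the service principal only if it is missing, and then lists any Azure role assignments the service principal holds. The $ExpectedTenantId value is a placeholder you must replace, and the role assignment review is an added check that assumes the signed-in account can read a subscription.

```powershell
# Added example (not from the original article).
# Application ID copied from the article's New-AzADServicePrincipal command.
$AppId = '39624784-6cbe-4a60-afbe-9f46d10fdb27'
# Assumption: placeholder for the enterprise's tenant ID; replace before running.
$ExpectedTenantId = '<enterprise-tenant-id>'

$ErrorActionPreference = 'Stop'

# 1. Require an existing session (Option A or B above) in the intended tenant.
$ctx = Get-AzContext
if (-not $ctx) {
    throw 'No Az session found. Run Connect-AzAccount -UseDeviceAuthentication first.'
}
if ($ctx.Tenant.Id -ne $ExpectedTenantId) {
    throw "Signed in to tenant $($ctx.Tenant.Id) as $($ctx.Account.Id); expected $ExpectedTenantId."
}
Write-Host "Connected as $($ctx.Account.Id) to tenant $($ctx.Tenant.Id)"

# 2. Create the service principal only if the tenant does not already have it.
$sp = Get-AzADServicePrincipal -ApplicationId $AppId
if ($sp) {
    Write-Host "Service principal already present: $($sp.DisplayName) ($($sp.Id))"
} else {
    $sp = New-AzADServicePrincipal -ApplicationId $AppId
    Write-Host "Created service principal: $($sp.DisplayName) ($($sp.Id))"
}

# 3. Review step: show which Azure role assignments, if any, it holds.
#    This needs a subscription in the current context, so a failure here
#    is reported as a warning and does not undo step 2.
try {
    $assignments = @(Get-AzRoleAssignment -ObjectId $sp.Id)
    if ($assignments.Count -eq 0) {
        Write-Host 'No Azure role assignments found for this service principal.'
    } else {
        $assignments | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize
    }
} catch {
    Write-Warning "Could not list role assignments: $($_.Exception.Message)"
}
```

Running the script a second time is safe: step 2 reports the existing service principal and does not call New-AzADServicePrincipal again.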