diff --git a/azure/login/login.go b/azure/login/login.go
index 62b33f458..a4841e6f6 100644
--- a/azure/login/login.go
+++ b/azure/login/login.go
@@ -127,6 +127,9 @@ func (login AzureLoginService) Login(ctx context.Context) error {
 			if err := json.Unmarshal(bits, &t); err != nil {
 				return errors.Wrapf(errdefs.ErrLoginFailed, "unable to unmarshal tenant: %s", err)
 			}
+			if len(t.Value) < 1 {
+				return errors.Wrap(errdefs.ErrLoginFailed, "could not find azure tenant")
+			}
 			tID := t.Value[0].TenantID
 			tToken, err := login.refreshToken(token.RefreshToken, tID)
 			if err != nil {
diff --git a/azure/login/login_test.go b/azure/login/login_test.go
index 887984628..323eb3e0e 100644
--- a/azure/login/login_test.go
+++ b/azure/login/login_test.go
@@ -50,7 +50,6 @@ func (suite *LoginSuite) TestRefreshInValidToken() {
 		Foci:         "1",
 	}, nil)
 
-	//nolint copylocks
 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
 	Expect(err).To(BeNil())
 	suite.azureLogin = azureLogin
@@ -102,7 +101,6 @@ func (suite *LoginSuite) TestInvalidLogin() {
 		Expect(err).To(BeNil())
 	})
 
-	//nolint copylocks
 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
 	Expect(err).To(BeNil())
 
@@ -144,7 +142,6 @@ func (suite *LoginSuite) TestValidLogin() {
 		ExpiresIn:    3600,
 		Foci:         "1",
 	}, nil)
-	//nolint copylocks
 	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
 	Expect(err).To(BeNil())
 
@@ -160,6 +157,40 @@ func (suite *LoginSuite) TestValidLogin() {
 	Expect(loginToken.Token.Type()).To(Equal("Bearer"))
 }
 
+func (suite *LoginSuite) TestLoginNoTenant() {
+	var redirectURL string
+	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {
+		redirectURL = args.Get(0).(string)
+		err := queryKeyValue(redirectURL, "code", "123456879")
+		Expect(err).To(BeNil())
+	})
+
+	suite.mockHelper.On("queryToken", mock.MatchedBy(func(data url.Values) bool {
+		//Need a matcher here because the value of redirectUrl is not known until executing openAzureLoginPage
+		return reflect.DeepEqual(data, url.Values{
+			"grant_type":   []string{"authorization_code"},
+			"client_id":    []string{clientID},
+			"code":         []string{"123456879"},
+			"scope":        []string{scopes},
+			"redirect_uri": []string{redirectURL},
+		})
+	}), "organizations").Return(azureToken{
+		RefreshToken: "firstRefreshToken",
+		AccessToken:  "firstAccessToken",
+		ExpiresIn:    3600,
+		Foci:         "1",
+	}, nil)
+
+	authBody := `{"value":[]}`
+	suite.mockHelper.On("queryAuthorizationAPI", authorizationURL, "Bearer firstAccessToken").Return([]byte(authBody), 200, nil)
+
+	azureLogin, err := newAzureLoginServiceFromPath(filepath.Join(suite.dir, tokenStoreFilename), suite.mockHelper)
+	Expect(err).To(BeNil())
+
+	err = azureLogin.Login(context.TODO())
+	Expect(err.Error()).To(BeEquivalentTo("could not find azure tenant: login failed"))
+}
+
 func (suite *LoginSuite) TestLoginAuthorizationFailed() {
 	var redirectURL string
 	suite.mockHelper.On("openAzureLoginPage", mock.AnythingOfType("string")).Run(func(args mock.Arguments) {