Azure Portal Access Issue for Member Users

When trying to open the Azure Portal (https://portal.azure.com) or clicking the Azure Portal tile in My Apps, two newly added member users receive the error:

App launch failed
App with ID xxxxxxx failed to launch.
Correlation ID: 906ee9a1-8f85-4d54-8617-fa0eab68c29d
Timestamp: 

Tenant / Subscription Details

• Default Directory: created July 2025
• Subscription: one subscription and one resource group in East US 2 for Azure OpenAI work

User Provisioning Flow

• Two employees added as Member users via Users → + New user
• Both accounts show User type: Member and Account enabled: True
• No Microsoft 365 / Entra ID premium licenses assigned (only need Azure access)

RBAC Configuration

• Reader role at subscription scope
• Cognitive Services OpenAI Contributor role on the resource group

Troubleshooting Attempts

1. Enterprise Applications → Azure Portal
   • Enabled for users to sign-in? = Yes
   1. Explicitly assigned both users under Users and groups in the Azure Portal enterprise app → issue persists
   2. Verified no Conditional Access policies exist in the tenant
   3. Removed all filters on Enterprise applications list, refreshed, waited >15 min, and tried in incognito/new browser profiles

Goal

The aim is to allow these Member users to access the Azure Portal so they can deploy GPT-4.1-mini in the resource group. What additional configuration or licensing steps may be needed?

Additional Context

• My account holds Global Administrator and Subscription Owner roles; I can launch the portal without any issues.
• Preference is to maintain a lightweight tenant (no M365, no Entra ID P1/P2) and avoid reverting them back to Guest status unless absolutely necessary.