Share via

locked out of my tenant due to conditional access

Harsh 0 Reputation points
2025-01-31T08:38:17.28+00:00

Global admin lockout scenario via Conditional Access.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,954 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,104 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rajat Vashistha-MSFT 285 Reputation points Microsoft Vendor
    2025-01-31T08:49:17.7966667+00:00

    Hi Harsh,

    Thank you for reaching out to Microsoft!

    You can get the Global admin role assigned to some other account only if you can login with account which has Privileged Role Administrator

    This role has an ability to assign Global admin role to any other account within Entra ID.

    If you do not have any other account with Privileged Role Administrator, then the only option is to contact support and data protection team to unblock your Global admin account.

    If you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look into below article to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or creating a ticket through a different account:  https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    similar post: https://learn.microsoft.com/en-us/answers/questions/2129090/how-can-i-assign-the-global-administrator-role-if

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments
  2. Sandeep G-MSFT 20,466 Reputation points Microsoft Employee
    2025-02-04T10:15:15.73+00:00

    @Harsh

    Thank you for posting this in Microsoft Q&A.

    As I understand you had created a conditional access policy due to which your account is blocked to access Azure portal.

    When it comes to all of your Admins being locked out due to an incorrect setting in a Conditional Access policy, you'll have to:

    • Check if there are other administrators in your organization that aren't blocked yet. An administrator with access to the Azure portal can disable the policy that is impacting your sign-in.
    • If none of the administrators in your organization can update the policy, submit a support request. Microsoft support can review and upon confirmation update the Conditional Access policies that are preventing access.
    • If you're unable to access your tenant with any users, you'll have to reach out to our Global Customer Service phone number(s) so their team can look into your issue and potentially give you access to your tenant. Optionally, you can try reaching out to our Azure Data Protection team for further assistance - (866-807-5850).

    Note: For future reference, I'd also recommend creating and managing an emergency access account in Azure AD, this will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in or activate another user's account as an administrator.

    Additional Links: What to do if you're locked out of the Azure portal? Troubleshooting sign-in problems with Conditional Access

    If you have any other questions, please let me know.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.