How can I recover access to a Microsoft Tenant that no other administrator has access to because of a conditional access policy?

Anthony K. Simukonda 25 Reputation points
2025-02-04T06:05:00.1233333+00:00

I have lost access to a Microsoft Tenant for one of our subsidiaries. No other administrator has access to the Tenant.

The conditional access policy preventing access to the tenant requires that I use a managed device. Since I am using either a device managed by the parent tenant or an unmanaged device, I am failing to connect. I am yet to enrol a device in that particular tenant, hence my predicament.

How do I recover access to the tenant?

Regards,

Anthony


1 answer

  1. Sakshi Devkante 575 Reputation points Microsoft Vendor
    2025-02-04T09:24:12.8133333+00:00

    Hello @Anthony K. Simukonda

    Thank you for posting your query on Microsoft Q&A

    In this situation you have 2 ways to solve this issue.
    1. If you have another Global admin of your tenant.

    2. If you are the only Global admin of your tenant, or all the Global admins of the tenant have been locked out.

    If you have another Global admin of your tenant who still has access to the tenant, you can ask them to make a change in the conditional access policy and exclude the Global admin from the policy.

    To perform this, you can ask another Global admin to follow the steps below:

    1. The admin has to log in to the Azure portal and access Azure Active Directory.

    2. Once done, they have to go to the Security blade on the left.

    3. Click on the conditional access policy which was created and blocked all the admins.

    4. Exclude the Global admin from the policies and, as a precautionary measure, always exclude at least one admin from the conditional access policy so that this scenario won't cause any lockouts.

    (or)
    If you are the Global admin on the account and are blocked entirely, you can reach out to our support team. You can look at the article below to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or create a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    While creating a ticket with the Microsoft support team, give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with the support team you will have to work with our data protection team. You will first have to prove your identity against your tenant for security purposes. After that, this team will help you in getting access to your tenant or unlocking your account, depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,

    Sakshi Devkante
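Added example, not part of the answer above or of any Microsoft documentation: a PowerShell check that implements the precaution in step 4 (keep at least one admin excluded from every enabled Conditional Access policy) using the Microsoft.Graph PowerShell SDK cmdlets `Get-MgIdentityConditionalAccessPolicy` and `Update-MgIdentityConditionalAccessPolicy`. It assumes the SDK is installed and that the placeholder object IDs below are replaced with the real IDs of the emergency access (break-glass) account and, optionally, the group that contains it; the function names are this example's own. It goes slightly beyond the thread by also accepting a break-glass group exclusion, which is the form the linked emergency-access guidance recommends.

```powershell
# Placeholder object IDs (constructed for this example; replace with values from your tenant)
$BreakGlassUserIds  = @('00000000-0000-0000-0000-000000000001')
$BreakGlassGroupIds = @('00000000-0000-0000-0000-000000000002')

function Connect-CaAudit {
    # Policy.Read.All is enough to audit; Policy.ReadWrite.ConditionalAccess is needed to remediate.
    Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.ConditionalAccess' -NoWelcome
}

function Get-CaPoliciesMissingBreakGlass {
    param(
        [string[]]$UserIds  = $BreakGlassUserIds,
        [string[]]$GroupIds = $BreakGlassGroupIds
    )
    # Only enabled policies can lock anyone out; report-only and disabled policies are skipped.
    $policies = Get-MgIdentityConditionalAccessPolicy -All | Where-Object { $_.State -eq 'enabled' }

    foreach ($p in $policies) {
        $excludedUsers  = @($p.Conditions.Users.ExcludeUsers)
        $excludedGroups = @($p.Conditions.Users.ExcludeGroups)

        # Pass if every break-glass user is excluded directly, or at least one break-glass group is excluded.
        $userOk  = @($UserIds  | Where-Object { $excludedUsers  -contains $_ }).Count -eq $UserIds.Count
        $groupOk = @($GroupIds | Where-Object { $excludedGroups -contains $_ }).Count -gt 0

        if (-not ($userOk -or $groupOk)) {
            [pscustomobject]@{
                PolicyId       = $p.Id
                DisplayName    = $p.DisplayName
                ExcludedUsers  = $excludedUsers  -join ','
                ExcludedGroups = $excludedGroups -join ','
            }
        }
    }
}

function Add-BreakGlassExclusion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$PolicyId,
        [string[]]$UserIds = $BreakGlassUserIds
    )
    $p = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $PolicyId

    # Merge the break-glass users into the existing exclusion list without dropping anything already there.
    $merged = @($p.Conditions.Users.ExcludeUsers) + $UserIds | Select-Object -Unique

    # Resend the whole "users" object so the include lists are not cleared by the update.
    $body = @{
        conditions = @{
            users = @{
                includeUsers  = @($p.Conditions.Users.IncludeUsers)
                excludeUsers  = @($merged)
                includeGroups = @($p.Conditions.Users.IncludeGroups)
                excludeGroups = @($p.Conditions.Users.ExcludeGroups)
                includeRoles  = @($p.Conditions.Users.IncludeRoles)
                excludeRoles  = @($p.Conditions.Users.ExcludeRoles)
            }
        }
    }
    if ($PSCmdlet.ShouldProcess($p.DisplayName, 'Add break-glass exclusion')) {
        Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $PolicyId -BodyParameter $body
    }
}

# Usage (run from an account that still has access, e.g. the other Global admin in step 1):
# Connect-CaAudit
# Get-CaPoliciesMissingBreakGlass | Format-Table
# Get-CaPoliciesMissingBreakGlass | ForEach-Object { Add-BreakGlassExclusion -PolicyId $_.PolicyId -WhatIf }
```

Run the audit first and review the list; `-WhatIf` on the remediation shows which policies would be changed before anything is written. Running this periodically (or before enabling any new policy) is what turns the "always exclude at least one admin" advice into something that is verified rather than remembered.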

