Locked out of Azure

Lim Chong Sun 531 Reputation points
2021-12-21T03:55:21.61+00:00

I have a test tenant that is used mainly for testing.
I disable MFA, even for global admin.

Today when I tried to log in to that test account, MFA was enforced somehow, and my authenticator does not have that account signed in, so I don't receive a notification to approve MFA.
When I tried to add my test tenant global admin account to the Authenticator app, after I signed in, the options are either to approve (which obviously does not work) or to type in a code (which also does not work).

So I am not sure how to get help anymore.


1 answer

  1. Olga Os - MSFT 5,831 Reputation points Microsoft Employee
    2022-09-20T17:27:53.113+00:00

    Hello @Lim Chong Sun ,

    Welcome to the MS Q&A forum.

    My apologies for the delayed response. I am posting my answer in case someone else comes across your post while troubleshooting a locked Global Admin account in AAD.

    Resolution:

    • Reset your own password if you've already set up an alternative email address and a mobile phone number.
    • Request another administrator in your company to reset your password.
    • If you've forgotten the password for your company's administrator account in Azure or Intune, see Quickstart: Self-service password reset.
    • If you're the only administrator on your Azure subscription, and you have forgotten the password, contact Azure support.

    You can also use the following resources to contact Support:

    I also noticed you have a concern regarding MFA being enforced. This is the expected behavior in some scenarios. MFA could be enforced when you enable Security Defaults, have a correspondingly configured Conditional Access policy, or are trying to use SSPR for an administrator account.

    Almost forgot: from the admin side, you may also want to check if the account is not in the block list, and force the user to re-register MFA and revoke existing MFA sessions.

    Sincerely,
    Olga Os

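The answer above names Security Defaults and Conditional Access as settings that can enforce MFA on an admin account. The following is an added example, not part of the original post or Microsoft's code: it checks policy JSON that another administrator has exported from Microsoft Graph and reports which settings would require MFA for a given account. The sample data, user IDs and the `mfa_sources` helper are constructed for illustration, and the check is simplified: it ignores group, application and location conditions and authentication strengths.

```python
import json

# Role template ID of the built-in Global Administrator role in Microsoft Entra ID.
GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample data, shaped like the Microsoft Graph resources
# identitySecurityDefaultsEnforcementPolicy and conditionalAccessPolicy.
SECURITY_DEFAULTS = {"isEnabled": False}
POLICIES = json.loads("""
[
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["62e90394-69f5-4237-9190-012177145e10"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "MFA pilot (report-only)", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Block legacy authentication", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["excluded-user-id"]}},
  "grantControls": {"builtInControls": ["mfa"]}}
]
""")


def mfa_sources(security_defaults, policies, user_id, role_ids):
    """Return the settings that would require MFA for this user at sign-in."""
    reasons = []
    if security_defaults.get("isEnabled"):
        reasons.append("Security Defaults")
    roles = set(role_ids)
    for policy in policies:
        if policy.get("state") != "enabled":  # skip disabled and report-only policies
            continue
        grant = policy.get("grantControls") or {}
        if "mfa" not in (grant.get("builtInControls") or []):
            continue
        users = (policy.get("conditions") or {}).get("users") or {}
        ids = lambda key: set(users.get(key) or [])  # tolerate missing or null lists
        if user_id in ids("excludeUsers") or roles & ids("excludeRoles"):
            continue  # exclusions take precedence over inclusions
        if {"All", user_id} & ids("includeUsers") or roles & ids("includeRoles"):
            reasons.append("Conditional Access: " + policy["displayName"])
    return reasons


if __name__ == "__main__":
    for reason in mfa_sources(SECURITY_DEFAULTS, POLICIES, "test-admin-id", [GLOBAL_ADMIN_ROLE]):
        print(reason)
```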