removed myself from admin role & can't access account

Alex Beacon 0 Reputation points
2024-12-07T01:36:58.18+00:00

I was trying to delete my Azure account & tenant. I think I removed my global admin access & now I can't seem to do anything with the portal at all. I created a new account to be able to sign in & post this. How do I get the original account deleted & start over new?

This is the full notification I receive:

Experiencing authentication issues

The portal is having issues getting an authentication token. The experience rendered may be degraded. Additional information from the call to get a token: Extension: Microsoft_Azure_Support Resource: self Details: The logged in user is not authorized to fetch tokens for extension 'Microsoft_Azure_Support' because the user account is not a member of tenant 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'. Error details: invalid_grant: 50020 - [2024-12-07 01:04:05Z]: AADSTS50020: User account '{EUII Hidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account


2 answers

  1. S.Sengupta 24,871 Reputation points MVP
    2024-12-08T02:46:01.58+00:00

    Check if your organization has a break-glass account set up for emergencies. This account typically has Global Admin access. Always maintain at least two global admin accounts.

    1. Visit Azure Support website: Azure Support.
    2. Use the new account you created to log in.
    3. Request to reassign the Global Admin role to your original account.

  2. Sandeep G-MSFT 20,921 Reputation points Microsoft Employee Moderator
    2024-12-09T15:58:54.86+00:00

    @Alex Beacon

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you have removed the Global admin role from your account and now you are unable to perform any admin action within your tenant.

    In this situation, there are 2 ways to solve this issue.

    • If you have another Global admin of your tenant
    • If you are the only Global admin of your tenant

    If you have another Global admin of your tenant, you can ask them to log in to Entra ID and assign a global admin role to your account.

    If you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look at the article below to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or create a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    Create a ticket with the Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with the support team, you will have to work with our data protection team. You will first have to prove your identity against your tenant for security purposes. After that, this team will help you in getting access to your tenant or unlocking your account, depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
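
Both answers recommend keeping more than one Global Administrator and an emergency access account. The following PowerShell pre-check is an added example, not part of either answer or of Microsoft's documentation. It assumes the Microsoft Graph PowerShell SDK is installed; the `$UserToRemove` and `$MinimumAdmins` parameters are illustrative names.

```powershell
# Added example: refuse a Global Administrator removal that would leave too few admins.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed.
param(
    [Parameter(Mandatory)]
    [string] $UserToRemove,      # UPN of the account about to lose the role (illustrative)
    [int] $MinimumAdmins = 2     # "at least two global admin accounts", per the first answer
)

# Read-only directory access is enough for this check.
Connect-MgGraph -Scopes 'Directory.Read.All' | Out-Null

# Role template ID of Global Administrator; it is the same in every tenant.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"
if (-not $role) { throw 'Global Administrator role not found in this tenant.' }

# Active members only; PIM-eligible assignments are not returned by this call.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

# Keep user objects and read their UPN from the untyped property bag.
$admins = foreach ($m in $members) {
    if ($m.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user') {
        $m.AdditionalProperties['userPrincipalName']
    }
}

# String comparison with -ne is case-insensitive, which suits UPNs.
$remaining = @($admins | Where-Object { $_ -ne $UserToRemove })

"Current Global Administrators: $(@($admins).Count)"
"Remaining after removing ${UserToRemove}: $($remaining.Count)"

if ($remaining.Count -lt $MinimumAdmins) {
    Write-Error ("Removal would leave $($remaining.Count) Global Administrator(s); " +
                 "keep at least $MinimumAdmins, including an emergency access account.")
    exit 1
}
'Enough Global Administrators remain after this removal.'
```

Run it while still signed in as an administrator, before changing any role assignment; a non-zero exit code means the removal should not go ahead.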

