![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 13%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand you are able to access the Azure tenant subscription. However, you do not have access to the Entra ID to which subscription is linked with.
To access Entra ID you need to have permissions assigned within Entra ID.
There are some of the built in roles in Entra ID and any of those roles should be assigned to you.
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference
These roles can be assigned to you by any other account who has Global admin role assigned to them.
If you do not know as to who the Global admin in your tenant is, then you can follow below steps to find the same,
• Open Windows PowerShell as administrator.
• Run command “Install-Module azuread”
• Once installed you can run command “Connect-AzureAD” and enter user credentials once it asks for.
• Once you login, you can run command “Get-AzureADDirectoryRole”.
• From the output you can copy the object ID of Global administrator
• Run command “Get-AzureADDirectoryRoleMember -ObjectId "Paste the object ID of global admin that was copied earlier"
• You will get the list of users with global admin role assigned.
You can ask particular person to assign a Global admin role so that you can access Entra ID.
If you are the only global admin on the tenant, then you can reach out to our support team. You can look into below article to get support numbers depending on your country.
or creating a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support
Create a ticket with Microsoft support team. Give them the tenant ID to which you do not have access. Tell them that no admin account has access anymore and your partners also have no access anymore.
Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario.
Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.
https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)