This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 87%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Hi Microsoft,
I hope this email finds you well.
Please help us disabled the MFA enabled on my Global Admin account due to locked me out with my own GLOBAL ADMIN, i am the admin person to perform those configuration of my tenant, but unfortunately due to neglection i did not setup the security of my Global Admin and it set my account Global Admin into default MFA enabled that i do not have access.
Thank you
Hi @john paul centeno ,
to disable MFA per user you can do this in the Azure Portal: Change the status for a user
a second option is the exclude the user from the conditional access policy: Conditional Access: Users, groups, and workload identities
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
It's recommended to exclude at least two account (emergency account or/and Break-Glass) , to prevent lock all your tenant.
Some other accounts need to be excluded as mentioned in the following linkUser exclusion in Entra ID
By default Microsoft create a conditional access to enable MFA on admin accounts and activate it after 90 days of creation : Common Conditional Access policy: Require multifactor authentication for admins accessing Microsoft admin portals
In your case you can edit this Conditional Access and exclude your account:
Please don't forget to accept helpful answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
In this situation, if you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look into below article to get support numbers depending on your country.
or creating a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support
Create a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.
Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario.
Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.
https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.