lost b2c tenant access due to misconfigured authenticator app

Abel Garcia 0 Reputation points
2024-01-05T12:40:18.83+00:00

This is the issue: I have a tenancy for which I have a local global admin account and also the account of another user who is a guest user and is also a global admin.

The guest user has commissioned 2 resource groups (resources for the same solution, one for the production env and one for staging). Each of these resource groups has a B2C tenancy created by the guest user, who is the sole administrator.

Said guest user has, though, lost the phone and no longer has access to the Authenticator app registration from before, and is currently not receiving MFA requests, but for one of the B2C tenancies only; the other has had no issues.

For the production tenancy, after attempting to log in, this guest account got a request to re-configure the Authenticator app (the QR flow and all that) and now it can be accessed without any issues. However, for the staging tenancy the guest user is not getting that chance, and therefore we are currently incapable of accessing it.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator

1 answer

  1. Sandeep G-MSFT 20,926 Reputation points Microsoft Employee Moderator
    2024-01-08T11:54:33.82+00:00

    @Abel Garcia

    Thank you for posting this in Microsoft Q&A.

    If you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look at the article below to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or create a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    Create a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with the support team, you will have to work with our data protection team. You will first have to prove your identity against your tenant for security purposes. After that, this team will help you get access to your tenant or unlock your account, depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent you from being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

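An added check, not part of the original thread, for the lockout condition the question describes: a tenant whose only Global Administrators are guest users, with no cloud-only emergency access account. It assumes the Microsoft.Graph PowerShell module, that you connect to the affected (here B2C) tenant by its id, and that the break-glass account follows a naming convention, which is a placeholder pattern here; PIM-eligible assignments are not counted.

```powershell
# Added example, not code from the original thread. Audits active Global
# Administrator membership for the lockout risk described above.
# Assumptions: Microsoft.Graph module installed; '<tenant-id>' is a placeholder;
# the 'emergency*' UPN pattern is a placeholder for your own naming convention.
Connect-MgGraph -TenantId '<tenant-id>' -Scopes 'RoleManagement.Read.Directory','User.Read.All'

# Global Administrator role template id (fixed across tenants)
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$gaRole = Get-MgDirectoryRole | Where-Object { $_.RoleTemplateId -eq $gaTemplateId }
if (-not $gaRole) { throw 'Global Administrator role is not activated in this tenant.' }

# Active role members only; PIM-eligible assignments do not appear here.
$admins = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object {
        Get-MgUser -UserId $_.Id -Property Id,UserPrincipalName,UserType,OnPremisesSyncEnabled
    }

$guests  = @($admins | Where-Object { $_.UserType -eq 'Guest' })
$members = @($admins | Where-Object { $_.UserType -ne 'Guest' })
# Break-glass candidates: cloud-only member accounts matching the placeholder pattern
$breakGlass = @($members | Where-Object {
    $_.UserPrincipalName -like 'emergency*' -and -not $_.OnPremisesSyncEnabled
})

"Global Administrators: $($admins.Count) (members: $($members.Count), guests: $($guests.Count))"
$admins | Select-Object UserPrincipalName, UserType | Format-Table -AutoSize

if ($admins.Count -lt 2) {
    Write-Warning 'Only one Global Administrator: losing its MFA device locks the tenant.'
}
if ($members.Count -eq 0) {
    Write-Warning 'Every Global Administrator is a guest; none is native to this tenant.'
}
if ($breakGlass.Count -eq 0) {
    Write-Warning 'No cloud-only emergency access (break glass) account found.'
}
```

Run it against each B2C tenant separately, since role membership is per tenant and the thread shows the two tenancies behaving differently.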
