Response Times for Data Protection Team on MFA Lockout

Peter Buck 35 Reputation points
2024-01-08T23:28:52.0566667+00:00

We have a small customer Azure tenant that relies on email for all their business $. The admin lost their iphone and did not have a backup of Authenticator. The only admin account is MFA protected. At this point they cannot login to view email or to turn off MFA.

A ticket was submitted 8 days ago, that was escalated to Data protection team to turn-off MFA on the tenant. No response for 8 days and no access to email for the customer. Any suggestions on how to get a fire lit under the data protection team to just turn off MFA so we can recovery the tenant and move on?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

Accepted answer
  1. Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2024-01-09T12:04:16.16+00:00

    @Peter Buck

    If you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look into below article to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or creating a ticket through a different account:  https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    You can also try to contact them through phone via #866-807-5850

    Create a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario. 

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Let me know if you have any further questions.

     Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.