Regain Access to B2C Tenant with Orphaned MFA Device

Justin Trout 20 Reputation points
2024-03-12T15:19:04.6366667+00:00

I have a B2C tenant linked to my subscription that I lost access to, as it only had one administrator and that administrator's MFA device died and had to be replaced. I no longer need the B2C tenant, but I can't delete it because it has custom flows defined. There are two local users on that tenant, and I can still log in as one of them, but even making that account an owner on the Subscription doesn't provide me any access to the B2C tenant itself (I get the error: User Authorization: Access is denied. You must have one of the following user roles for access...).

Is there any way I can regain access to the tenant to clear it out so I can remove it?

Microsoft Entra External ID

Accepted answer
  1. Akhilesh Vallamkonda 14,170 Reputation points Microsoft External Staff
    2024-03-13T08:14:52.72+00:00

    Hi @Justin Trout

    Thank you for reaching out to the community forum!

    I’m sorry to hear that you are unable to access the B2C tenant as the exclusive administrator had an issue with the MFA access device.

    If you have one account with the admin role and you are blocked entirely, you can reach out to our support team. Please refer to the article below to get support numbers depending on your country.

    Global Customer Service phone numbers

    Or create a ticket through a different account with the tenant ID, informing them that you are unable to access the B2C tenant due to the loss of the MFA device.

    Once the ticket is created with the support team, you will have to work with our data protection team and validate your identity against your tenant for security purposes, after which this team will help you with your issue.

    For the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    Hope this helps. Do let us know if you have any further queries.

    Reference: Microsoft support team

    Manage emergency access accounts in Microsoft Entra ID

    Thanks,

    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
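
A lockout-risk check for the situation in this thread (one administrator, one MFA device), given as an added example that is not part of the original answer or any Microsoft tooling. The inventory records, field names and `contoso.example` accounts are constructed for illustration and would need to be filled from your own export of role holders and their registered sign-in methods.

```python
# Added example. Inventory records and field names are constructed for this
# sketch; they are not a Microsoft Graph schema or real tenant data.
ROLE = "Global Administrator"

# The thread's situation: one administrator, one MFA device.
LOCKED_OUT_TENANT = [
    {"upn": "admin@contoso.example", "role": ROLE,
     "methods": [{"type": "authenticatorApp", "device": "phone-A"}]},
]

# Same tenant with a second method plus a break-glass account on hardware keys.
HARDENED_TENANT = [
    {"upn": "admin@contoso.example", "role": ROLE,
     "methods": [{"type": "authenticatorApp", "device": "phone-A"},
                 {"type": "fido2", "device": "key-1"}]},
    {"upn": "breakglass@contoso.example", "role": ROLE,
     "methods": [{"type": "fido2", "device": "key-2"},
                 {"type": "fido2", "device": "key-3"}]},
]


def lockout_findings(accounts, role=ROLE):
    """Return findings for ways the loss of one device removes admin access."""
    holders = [a for a in accounts if a["role"] == role]
    findings = []
    if len(holders) < 2:
        findings.append(f"only {len(holders)} account(s) hold {role}")
    devices = sorted({m["device"] for a in holders for m in a["methods"]})
    for dev in devices:
        # Holders whose every registered method depends on this one device.
        stranded = [a["upn"] for a in holders
                    if a["methods"] and all(m["device"] == dev for m in a["methods"])]
        if len(stranded) == len(holders):
            findings.append(f"losing {dev} locks out every {role}")
        elif stranded:
            findings.append(f"losing {dev} locks out {', '.join(stranded)}")
    return findings


if __name__ == "__main__":
    for name, tenant in (("before", LOCKED_OUT_TENANT), ("after", HARDENED_TENANT)):
        print(name, lockout_findings(tenant) or "no single-device lockout path")
```

An empty result means no single lost device removes every holder of the role; any finding is a reason to add a second method or an emergency access account before it is needed.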

