I defederated my owner account with GoDaddy and forgot to set the password, and now I cannot log in

Blake Hwang 20 Reputation points
2024-04-11T05:13:11.3+00:00

As the title suggests, originally I was using the federated services for my domain blakehwang.com, which was registered through GoDaddy with the Office 365 subscription package.

However, I wanted to create accounts through the Azure portal that do not use the onmicrosoft.com domain, but rather use my custom domain. So I decided to defederate it in order to use it as my Primary domain.

I should've set the password for the account and provider/provision licensing to have a landing page to log in to; however, I forgot to do so.

Now I can't log in to my Owner account, and can't even reset my password because self-password service isn't configured.

Also, this is my only account for the Azure portal, meaning I do not have any other admin accounts I can log in through in order to set passwords and such.

Is there a way to solve this issue?

The PowerShell cmdlet I used was as follows:

Write-Host "Checking for MSGraph module..."

$Module = Get-Module -Name "Microsoft.Graph.Identity.DirectoryManagement" -ListAvailable

if ($null -eq $Module) {
    Write-Host "MSGraph module not found, installing MSGraph"
    Install-Module -Name Microsoft.Graph.Identity.DirectoryManagement
}

Connect-MgGraph -Scopes "Directory.Read.All","Domain.Read.All","Domain.ReadWrite.All","Directory.AccessAsUser.All"
# Enter the Admin credentials from "Become a tenant Admin in GoDaddy"

Get-MgDomain
# See that the domain is "federated"

Update-MgDomain -DomainId "<InsertFederatedDomain>" -Authentication Managed

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Sandeep G-MSFT 14,491 Reputation points Microsoft Employee
    2024-04-16T05:43:59.2833333+00:00

    @Blake Hwang

    In this situation, since you only have one admin account, or if you are the only global admin on the account and are blocked entirely, you can reach out to our support team. You can look at the article below to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    Or create a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    Create a ticket with the Microsoft support team. In your description, give them the ID of the tenant that is locked out. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with the support team, you will have to work with our data protection team. You will first have to prove your identity against your tenant for security purposes. After that, this team will help you get access to your tenant or unlock your account, depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Problems with two-step verification for Azure B2C accounts - Microsoft Q&A

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
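
The lockout described in this thread can be caught before `Update-MgDomain` is run. The PowerShell below is an added example, not code from the original poster, the answer, or Microsoft: the function names and the sample domain and UPN are constructed for illustration, and it assumes the Microsoft Graph PowerShell cmdlets `Get-MgDirectoryRole`, `Get-MgDirectoryRoleMember` and `Get-MgDomain` with read-only scopes.

```powershell
# Added example; function names and sample data are hypothetical/constructed.
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'  # built-in Global Administrator role

function Get-GlobalAdminUpn {
    # Active role members only; PIM-eligible assignments are not returned here.
    $role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$GlobalAdminTemplateId'"
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
        ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } |
        Where-Object { $_ }   # drops members without a UPN (service principals, groups)
}

function Test-DefederationSafe {
    param(
        [Parameter(Mandatory)] [string] $TargetDomain,      # domain about to become Managed
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $AdminUpns,
        [Parameter(Mandatory)] [hashtable] $DomainAuthType  # domain -> 'Managed' | 'Federated'
    )
    # Conservative rule: an admin is a fallback only if its UPN is on a different
    # domain that is already Managed (for example the tenant's onmicrosoft.com domain).
    $target = $TargetDomain.ToLowerInvariant()
    $fallback = @($AdminUpns | Where-Object {
        $suffix = ($_ -split '@')[-1].ToLowerInvariant()
        $suffix -ne $target -and $DomainAuthType[$suffix] -eq 'Managed'
    })
    [pscustomobject]@{ Safe = $fallback.Count -gt 0; FallbackAdmins = $fallback }
}

# Live input (run these instead of the sample data below):
#   Connect-MgGraph -Scopes 'Directory.Read.All','Domain.Read.All'
#   $domains = @{}; Get-MgDomain | ForEach-Object { $domains[$_.Id] = $_.AuthenticationType }
#   $admins  = @(Get-GlobalAdminUpn)

# Constructed sample: the only Global Administrator lives on the federated domain.
$domains = @{ 'contoso.example' = 'Federated'; 'contoso.onmicrosoft.com' = 'Managed' }
$admins  = @('owner@contoso.example')

$check = Test-DefederationSafe -TargetDomain 'contoso.example' -AdminUpns $admins -DomainAuthType $domains
if (-not $check.Safe) {
    Write-Warning 'No Global Administrator would remain on another managed domain. Create an emergency access account before running Update-MgDomain.'
}
```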

     

