Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,630 questions
Azure locked out after enabled CA with Authenticator for all users
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 90%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Loop
0
Reputation points
Hello,
We have created an Azure tenant to test conditional access. I registered a new policy that enables the authentication strength of conditional access with Authenticator for all cloud applications but when I try to connect, I get this message “Additional connection methods are required to access this resource. Contact your administrator to enable these methods". The problem is that I've enabled this policy for all users, including the administrator. So we're blocked, but I don't understand why when I ask to connect, the page doesn't ask me to open Authenticator, why this method isn't activated by default when we choose it, it's weird. Have I forgotten to configure something? And what's my solution for reconnecting? (We forgot to create an break glass account).
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 9%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Paroksh 0 Reputation points2024-06-06T09:11:18.1266667+00:00 If you're locked out of your Azure environment after enabling Conditional Access with Authenticator for all users, follow these steps:
Global Administrator Account: Use a Global Administrator account not affected by the policy to modify or disable it.
Break Glass Account: Log in with a break glass account (Global Administrator excluded from Conditional Access policies) to make changes.
PowerShell or Azure CLI: If the portal is inaccessible, use PowerShell or Azure CLI to disable the Conditional Access policy.
Sign in to comment