Share via

[Microsoft Entra] - I accidentally change my only user type to 'internal'

HoangGiang 20 Reputation points
2025-06-09T03:35:10.4266667+00:00

I accidentally change my only user type to 'internal' ,

After that I cannot undo, and not able to access Microsoft Entra ID menu at all.

Even if I call the support center in my country, Vietnam (1800400470). It seems the guider didn't know what the technical issue is.

Could I have another way to resolve my issue?

Many thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. SUNOJ KUMAR YELURU 15,491 Reputation points MVP Volunteer Moderator
    2025-06-09T06:27:00.4966667+00:00

    Hello @HoangGiang

    Changing a user's type to "internal" likely altered their permissions within the Entra ID environment. If the only administrator account was modified in this way, it could remove the necessary privileges to manage Entra ID settings, effectively locking you out. Access control in Entra ID is role-based, and incorrect role assignments can lead to loss of administrative privileges.

    Since the standard support channel in your country was unable to resolve the issue, here are alternative steps you can try:

    • Escalate through Microsoft Support: Even though the initial support call wasn't helpful, try escalating the issue. Request to speak with a Tier 2 or higher support engineer who specializes in Microsoft Entra ID administration. Clearly explain the situation: you accidentally changed the only admin account to "internal" and are now locked out.

    support numbers depending on country

    1. Simillar error

    The selected user account does not exist in the "Microsoft Services" tenant and cannot access the application "...26e160ff0fc6". First, the account needs to be added as an external user in the tenant. Use a different account.

    Could you try logging in with a private browsing session if you've been able to login before?

    1. Error AADSTS50020 - User account from identity provider does not exist in tenant

    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jade-T 1,565 Reputation points Microsoft External Staff Moderator
    2025-06-09T06:53:04.1266667+00:00

    Hi @HoangGiang

    Thank you for your message. Based on your description, it appears that your only user in Microsoft Entra ID was mistakenly changed to type "Internal", resulting in the loss of administrator access to the Entra ID portal. Unfortunately, this change cannot be reversed manually through the portal when no admin access remains. 

    To help us guide you to the most effective support channel, please first try logging into the Microsoft 365 Admin Center and please attempt to sign in using the affected account

    Once you try, please let me know your result: 

    • Can you successfully sign in to the Microsoft 365 Admin Center (even if you're restricted from certain menus)? 
    • Or are you completely unable to sign in (e.g., you get an error message immediately)? 

    Your ability to log in will determine the fastest path to getting your admin access restored. 

    If you can sign in to the Microsoft 365 Admin Center (even if restricted): 

    This is the most direct way to get help. Please follow these steps to raise a support ticket: 

    1. Once signed in to Microsoft 365 Admin Center, click Help & support  
    2. In the search bar, enter: “Lost global admin access” 
    3. Select “Contact Support” and submit a request. Clearly state your Global Admin account type changed to 'internal' locking you out and ask for Global Admin access to be restored. 

    If you cannot sign in to the Microsoft 365 Admin Center at all: 

    If you are completely locked out, you have two options to contact Microsoft Support: 

    1. From a Different Microsoft 365 Tenant (if available): 

    If you have access to another Microsoft 365 tenant (e.g., a different organization), raise a support ticket from there. Explain you're contacting for a different tenant (provide its domain name) about the admin lockout issue (Global Admin changed to 'internal'). You'll still need to verify ownership of the locked-out tenant. 

    2. Call Microsoft Support Again (If no other tenant is available): 

    We understand it’s frustrating to call support again — especially after a previous attempt didn’t resolve the issue. However, if you are completely locked out and have no access to another tenant, this remains a necessary step to initiate the recovery process. 

    When you call Microsoft Support, please be persistent and clearly explain the following: 

    • You have a Microsoft Entra ID (Azure AD) admin lockout. 
    • Your Global Administrator account was accidentally changed to ‘Internal,’ and you cannot sign in or manage anything. 
    • You need to speak with an Entra ID / Azure AD / IAM specialist who handles admin account recovery or tenant takeover. 

    If you need help preparing this information or would like assistance navigating the support process, please don’t hesitate to reach out. We’re here to support you every step of the way. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread 

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.