Azure login issue tenant lockout situation

Question

Azure login issue - tenant lockout situation where no other global admin in the tenant has the necessary admin rights to re-register MFA. I only get 2 options - get a notification on authenticator or enter the code. I do not get any notifications and the authenticator code is too long. I am completly locked out of my azure directory with my services.

Answer 1

Dear @sriharsh boddapati,

Good day! Welcome to Microsoft Q&A forum!

Based on your description, I understand that you’re experiencing an Azure login issue where you’ve become locked out of your tenant, and no other global admin has the required permissions to help re‑register your MFA. You’re only being offered two sign‑in options: receiving a notification through Microsoft Authenticator or entering a code, but you’re not receiving notifications, and the code provided is too long to use. As a result, you’re completely locked out of your Azure directory and the services tied to it.

I sincerely apologize for the inconvenience caused by this issue.

If you're the only admin, in this situation, the Microsoft Data Protection Team has tools and processes in place to verify identity and regain access to administrator accounts. 

Please note that we have no control over user accounts, especially when it comes to logging in to your account, resetting your password, changing your access, etc. 

Therefore, if you are the only administrator in your organization, then you need to involve Microsoft Data Protection Team. Please try to find the related hotline number to call the frontline let them raise a ticket for you: Customer service phone numbers - Microsoft Support (Scroll down for Business users) 

In some countries, this is an automated conversation: First, when you call the hotline, they will ask you what kind of problem you are struggling with. 

Answer: Authenticator. 

A: What products do you use? 

B: Office 365 for business. 

Verification: Education or company account? 

B: For companies 

A: Are you an administrator? 

B: Yes. 

A: Are there any other administrators in your organization? 

B: No. 

A: I need one.... Service request? 

B: Yes 

(Important Note: Sometimes, you would hear the computer-generated voice at first, please kindly wait for it to end, and if an agent is available, you would be directed to them and get your support. Depending on your country or region, when you call the support number, you may hear an introduction of about 30 seconds such as "You can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.) 

As an alternative, you can create a new tenant account and submit your request from there.    

To set up a new tenant, please follow these steps: 

• Visit Compare Office 365 Enterprise Pricing and Plans | Microsoft 365, choose any plan and click try for free to start a free trial.    
• Follow the guided setup process to create a new account for a new tenant. 

Once your tenant is created, you should be able to access the support portal and submit your ticket referencing your locked account without further issues.

In the ticket's description, you could refer to this message "Hello,

I am currently locked out of my Microsoft 365 tenant because multi-factor authentication is enforced, and I am unable to complete the verification process. I am the only global administrator for this tenant, which means I cannot access my account or the Microsoft 365 Admin Center.

To resolve this, I have created a new tenant and would like to be connected with the Data Protection Team to verify my identity and assist with regaining access. I am available to provide any required documentation or verification to support the recovery process."

Ticket Support: Log in the Microsoft 365 Admin Center using the newly created trial admin account > Support > Help & Support. You can raise support ticket at: https://admin.microsoft.com/#/support/requests   

• After clicking on "Help & Support" button like this image, you can type "I need agent support via phone or email". After that, you can click on "Contact support" 
• Choose contact method: "Phone" 
• Fill all the information in this contact support details, please describe your situation carefully so they will have enough information to help you. 
• Finally, click on "Contact me" As an alternative, you can create a new tenant account and submit your request from there. 
• 
• 
• 
• 
• After completing them, you will receive an email appointment for a meeting to review this issue professionally together. 
• For more details, you could refer to this article: Get support for Microsoft 365 for business 

Please remember to cancel the trial subscription once your issue is resolved to avoid any unintended charges.

Note: After creating the support ticket, please kindly let me know the ticket number so I could also track its process to help you regain access to your account/tenant.

Kindly let me know when there are updates or if you need further assistance. Any updates you’re able to share would be really helpful.

I'm here and happy to help! Thank you for your kindness and patience!

---

If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

This is a tenant lockout scenario where the only global admin is blocked by MFA and no other admin can reset it. In this situation, self-service options are no longer sufficient and recovery must go through Microsoft support (Data Protection / Tenant Recovery).

Use these steps depending on whether there is any other global admin:

1. If there is another global admin in the tenant
   • That admin signs in to the Azure portal and opens Microsoft Entra ID.
   • Go to Users → select the locked-out admin account.
   • Open Authentication methods and select Require re-register multifactor authentication.
   • Next time the locked-out admin signs in, the portal will prompt to set up MFA again, allowing registration of a new Authenticator instance or another method.
2. If there is no other global admin (only one global admin and it is locked out)
   • This is a tenant lockout. Microsoft must work directly with the global administrator to restore access.
   • Contact Microsoft support by phone and request escalation to the Data Protection or Tenant Recovery team. Use the regional phone numbers listed at Customer service phone numbers - Microsoft Support / Find Microsoft 365 for business support phone numbers by country or region.
   • When interacting with the automated system or first-line agent, clearly state:
     • The issue is Authenticator / MFA lockout.
     • The product is Office 365 / Azure for business.
     • It is a company/organization account.
     • You are the only global administrator and cannot access the admin portal to open a ticket.
     • You need a service request with the Data Protection team to reset MFA for the tenant admin.
   • Be prepared to provide tenant details (admin UPN, domain name, business information) so the Data Protection team can verify identity and ownership and then reset MFA registration on the admin account.
3. If the tenant is managed through a partner (GDAP / CSP)
   • If a partner has a GDAP relationship with appropriate roles (for example, Privileged Authentication Administrator or Global Administrator), they can reset passwords and MFA for users and help restore access without Microsoft needing to intervene.
   • If the partner does not have the necessary roles, they should still assist in contacting Microsoft support and opening a ticket on behalf of the tenant.
4. Preventing future lockouts once access is restored
   • Ensure the tenant has at least two global admin accounts with different credentials and MFA methods.
   • Create break-glass emergency accounts that are excluded from Conditional Access policies and have strong passwords, used only for emergencies.
   • Configure and test Self-Service Password Reset (SSPR) and keep recovery methods up to date.
   • Review GDAP roles and relationships so a partner can assist with MFA resets and password issues when needed.

In the current state (no other admin and only Authenticator options that no longer work), the only supported path is escalation through Microsoft support to the Data Protection/Tenant Recovery team to reset MFA on the locked-out global admin account.

---

References:

• Preventing tenant lockouts
• Mandatory multifactor authentication for Azure and admin portals
• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• "Activation failed" error when you try to set up Azure Multi-Factor Authentication
• "Account verification system is having trouble" error message when you try to sign in by using a work or school account
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Global Admin Locked out - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A