![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 66%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
For a tenant lockout where the only global admin is blocked by MFA and self-service options do not work, the issue must be handled by Microsoft’s Data Protection team through a support ticket. Forum moderators and standard support channels cannot directly reset MFA or unlock the tenant.
Use these steps, based on the documented and recommended process:
- Call Microsoft global customer service for business support
- Use the official regional phone numbers listed here: Customer service phone numbers - Microsoft Support (linked from the context below).
- This route is required because only the Data Protection team can verify identity and reset admin MFA when there is no other admin.
- When interacting with the IVR/AI phone agent
- Clearly state the following to get routed correctly:
- Problem type: “Authenticator” or “Multi-factor authentication”
- Product: “Office 365 for business”
- Account type: “Company account” (not personal, not education)
- Role: “I am the global administrator”
- Other admins: “There are no other administrators in my organization”
- Request: “I need to create a service request and speak with the Data Protection team to reset my MFA / authenticator because I am locked out of my tenant.”
- If the IVR offers options, choose business/technical support and keep repeating that this is a tenant admin MFA lockout and that only Data Protection can help.
- Clearly state the following to get routed correctly:
- If still unable to reach a human agent
- Create a temporary trial tenant and open a support ticket from there, as recommended in the context:
- Sign up for a Microsoft 365 trial tenant (any business/enterprise trial plan).
- Go to
https://admin.microsoft.comfor the new tenant. - In the left navigation, go to Support → Help & support.
- Open a new support request and clearly state:
- This new tenant is only for contacting support.
- The locked tenant’s domain name and admin UPN.
- That this is a tenant lockout and you are the only global admin.
- That you need the Data Protection team to reset MFA / authenticator for the original tenant.
- Be prepared to provide business documentation and verification details when Data Protection contacts you.
- After resolution, cancel the trial subscription on the temporary tenant to avoid charges.
- Create a temporary trial tenant and open a support ticket from there, as recommended in the context:
- What cannot be done
- Public forums, community moderators, and standard front-line agents cannot bypass MFA or directly unlock the tenant.
- MFA reset for the only global admin is not something that can be performed through self-service or normal support escalation; it must go through Data Protection with identity verification.
Following the above path (phone to Data Protection, or trial-tenant ticket to Data Protection) is the supported way to get a human to remove the MFA lock and restore access to the tenant.
References:
- Common problems with two-step verification for a work or school account
- Use a screen reader to set up and troubleshoot multifactor authentication
- "Account verification system is having trouble" error message when you try to sign in by using a work or school account
- Preventing tenant lockouts
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Locked out of my Outlook account and recovery options not working - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Microsoft Authenticator app doesn't show 6-digit OTP code - Microsoft Q&A