![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 26%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
To restore tenant access and reassign the Global Administrator role when the current admin account cannot authenticate, the request must go through Microsoft support and the Data Protection team. Community or forum responders cannot change roles or access.
Use the appropriate path based on the situation:
- If at least one other Global Administrator still has access
- Sign in to the Microsoft 365 or Microsoft Entra admin center with that admin account.
- Assign the Global Administrator role to the newly appointed admin account.
- If the locked-out admin only forgot the password (and SSPR is enabled), they can reset it via the self-service password reset page for work or school accounts: https://passwordreset.microsoftonline.com/.
- If no Global Administrator can sign in (single-admin tenant lockout, MFA or password issue)
- This is a tenant lockout scenario. Only Microsoft’s Data Protection team can restore access.
- Call Microsoft global customer service and ask to open a service request for a tenant admin lockout and MFA/password reset. Use the regional phone number listed under Customer service phone numbers - Microsoft Support.
- When the IVR asks, clearly indicate:
- The problem: “Authenticator” or “lost account / can’t sign in as global admin.”
- Product: “Office 365 for business / Microsoft 365 for business.”
- Account type: “Company account.”
- Role: Confirm being the tenant’s only Global Administrator.
- Request: Creation of a ticket and escalation to the Microsoft Data Protection team to restore admin access and allow reassignment of Global Administrator to the new admin account.
- Be prepared to provide identity and tenant verification as requested by the Data Protection team.
- If support channels are blocked because no one can sign in and phone support is hard to reach
- As a workaround, create a temporary trial Microsoft 365 tenant (separate from the locked tenant).
- Sign in to the new tenant’s Microsoft 365 Admin Center and go to Support → Help & support.
- Open a ticket explaining that the real issue is a lockout from a different existing tenant where the requester is the Global Administrator, and request connection to the Data Protection team to:
- Verify identity and admin rights for the original tenant.
- Reset authentication for the locked admin or directly enable assignment of Global Administrator to the new admin account.
- If the issue is only a forgotten password (no MFA problem)
- For work or school accounts without admin rights: ask an existing admin to reset the password or enable self-service password reset.
- For admins: if an alternate email and phone were configured, use self-service password reset; otherwise, another admin must reset the password, or, if the admin is the only one, contact Azure/Microsoft 365 support as above.
All role changes (including assigning Global Administrator to the new admin account) must be performed either by an existing Global Administrator or by Microsoft support after identity verification. Reference the existing case number 2603270010000453 when speaking with support so they can continue work on the same incident.
References:
- Troubleshoot sign-in issues and account access problems
- Solve account access problems
- Forgot password to sign in to Microsoft 365, Intune, or Azure
- Common problems with two-step verification for a work or school account
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- I cant log in to my business account because it is requiring Authenticator app which I do not have - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A