Lost Global admin privilege

Question

Hello there
I'm a global admin of my School, in the morning when i open Microsoft teams I found myself not admin and another account added to our school as a unique global admin, and now he started Changing the default domain
This is not the first time and I wonder when we raise a ticket to Microsoft It takes weeks to be solved How is this account control our school in a minute

Answer 1

Hi @Ashraf ADMIN,

Good day, and thank you for clearly outlining your concern.

The scenario you described - unexpectedly losing Global Administrator privileges, the appearance of an unfamiliar account assigned as the sole Global Administrator, and subsequent changes to the default domain - is a serious matter for any education tenant. The details you’ve provided are important and help indicate a potential security or tenant‑level compromise that requires immediate review.

In this situation, please use one of the options below to contact a Microsoft Support agent so the issue can be investigated promptly:

Option 1: Contact Microsoft Data Protection Support by Phone (Primary Method)  

To regain access to your admin account as you can't access the Admin Portal, you can try reaching out to our Global Customer Service phone to raise a request for resetting your authentication method here: Customer service phone numbers - Microsoft Support. During the call, request to speak to an agent, and share with them every detail related to your query and also mention that you are the only admin lost access to your account. This should allow you to contact the appropriate team so you can solve this incident as soon as possible. 

 

Here are some tips and an example of a prompt to help you navigate the IVR more effectively:  

(When you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.)        

In some countries, it is an automated conversation like: 

IVR: What kind of problem are you concerned about?       

You: Lost Global admin privilege.   

IVR: What kind of product do you use?       

You: Office 365 for business.       

IVR confirmation: education or company account?       

You: For companies       

IVR: Are you an administrator?       

You: Yes.       

IVR: Do you have another administrator in your organization?       

You: No. 

IVR: Do you need a... Service request?      

You: Yes. I need to create a ticket. Please send me direct to the Data Protection Team.   

  

You will need to complete a tenant ownership verification with Microsoft’s Data Protection Team. This process generally involves submitting the following documentation:

 

• Proof of domain ownership, such as access to manage DNS records
• Billing or subscription information, including payment methods or account history
• The Tenant ID of the affected Microsoft 365 organization
• Official business registration documents
• Documentation confirming you are an authorized signatory for the business

Option 2: Create a Temporary Account (Trial Tenant) to Submit a Support Ticket (Alternative Method) 

If you still cannot reach to a live agent, there is still a workaround, you might consider registering for a new tenant by signing up for a trial subscription via this link Microsoft 365 Business Plans and Pricing | Microsoft 365. This would allow you to create a new tenant following the prompts provided. Once set up, you can access the admin console of the new tenant and submit a support ticket requesting to speak with the Data Protection team on behalf of your previous tenant.       

 

Please note that forum moderators do not have access to user account settings and cannot assist with logging in, resetting passwords, or changing access rights. While we do not have access to internal systems or administrative tools required to resolve account-specific or backend-related issues but we’ll continue doing our best to support you within the scope of our responsibilities.   

 

Please remember to cancel the trial subscription after your issue is resolved, as this will help you avoid any accidental billing. You may prefer the following resource for detailed instructions: Cancel your Microsoft business subscription in the Microsoft 365 admin center | Microsoft Learn

 

I hope this guidance helps you regain access as quickly as possible. Please try the steps and let me know whether they resolve the issue. If the problem persists, we can work together to find a solution.  

As other users will also search for information in this community, your vote can significantly help those with similar inquiries quickly locate the most relevant resources. 

Thank you for your kindness and for contributing to the forum.   

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".       

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

This situation indicates that another account has been granted (or has taken over) the Global Administrator role in the tenant and removed that role from the existing admin. Because global admins have full control, this can be done very quickly once an attacker or unauthorized person gains access.

From the provided information, the supported actions are:

1. Immediately escalate to Microsoft Support / Data Protection
   Because the Global Administrator role has been taken over and you no longer have admin rights, this is effectively a tenant-compromise / lockout scenario. It must be handled by Microsoft’s Data Protection / Tenant Recovery team via a support ticket or phone escalation.
   If you cannot open a ticket from the affected tenant (because you no longer have admin rights), use one of these patterns from similar cases:
   • Call the Microsoft global customer service phone number for your region and clearly state:
     • The issue is with a Microsoft 365 for education / school tenant.
     • You are (or were) the Global Administrator.
     • Another account has become the only Global Administrator and removed your admin role.
     • You suspect compromise or unauthorized changes (default domain being changed, etc.).
     • You need to be routed to the Data Protection / Tenant Recovery team.
   • If your school’s subscription is through a partner or reseller, ask the partner to open a service request with Microsoft on your behalf, explicitly for tenant admin takeover / recovery.
   • As a fallback, you can create a separate trial tenant (as described in similar MFA‑lockout cases) only to get into an admin center and open a support ticket that references your real school tenant and explains that it has been taken over.
2. Explain clearly that this is a security / takeover incident
   When talking to support, emphasize:
   • You previously held Global Administrator rights.
   • A new, unknown or unauthorized account is now the only Global Administrator.
   • The new admin is changing core tenant settings (such as the default domain).
   • This is impacting a school / education environment. This helps ensure the case is treated as a security and data‑protection issue, which is handled by specialized teams (as in the referenced tenant‑lockout and MFA‑loss cases).
3. Expect identity and ownership verification
   The Data Protection team will require proof that the school/tenant belongs to your institution (business documentation, domain ownership, etc.). This is by design and is the same process used when a sole global admin is locked out or when MFA is lost.
4. After recovery, harden admin accounts
   Once Microsoft restores proper control:
   • Ensure there are at least two trusted Global Administrators and/or emergency access accounts, as recommended for admin security, so that one compromised account cannot completely lock out the organization.
   • Apply the principle of least privilege: only assign Global Administrator where strictly necessary; use more limited roles for routine tasks.

Because the ability to “control your school in a minute” comes from the power of the Global Administrator role, the only supported remediation path in this scenario is working with Microsoft Support / Data Protection to recover the tenant and then tightening admin security and role assignments.

---

References:

• Admin account security in Microsoft 365 for business
• Assign admin roles in the Microsoft 365 admin center
• Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Global Admin Locked out - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A
• How do I find my Microsoft 365 admin?
• Find the administrator for your work or school account