Admins Accounts got locked out due to a Conditional Access


Hi All,

I am having the worst experience with the Microsoft data protection team. On Sunday, the tenant admins’ accounts got locked out due to conditional access. We went through the verification, sent the error message email and called everyone, and the problem still hasn’t been resolved. Today is Wednesday, and everything has been on hold, I have explained the urgency several times with nothing done at all! Is this normal ?????????
And when can I get my access back, or is this the end?

Posted by Emad Akl in HTMD FB Group

Answer ( 1 )

  1. Replied by Sanjay Mittal

    How on earth can you lock yourself out? The first rule for using CA is having a breakglass account in the exclusion list. Microsoft is not to blame. CA warns you to exclude admin every time you make changes. Microsoft needs to ensure you are not pretending to be an admin. Good luck

    Replied by Billy Cross

    Sorry to hear this. I would take this situation to be a lesson learned on why break glass accounts are so important. In reality, it will take you about a week of being up your CSP’s butt to get this taken care of. The best lessons are always learned the hard way.

    Replied by Keyur Shah

    Well, before you apply Conditional access, it warns you. Also, you should have 2 to 3 global admins.
    Also, all admins are defaulted to MFA.
    You should have a break glass account as well.
    Not sure where it went wrong.
    It is really hard to lock out of a tenant.

Leave an answer

Sorry, you do not have permission to answer to this question .