Share via

Facing a Microsoft 365 tenant lockout issue

Khaja Gulam Nabi 0 Reputation points
2026-05-04T21:06:43.1066667+00:00

Facing a Microsoft 365 tenant lockout issue:

  • All admin roles are now assigned to a single account that is no longer accessible

No current user has Global/Admin privileges

Unable to access Admin Center, reset passwords, or assign roles

Support options are blocked due to lack of admin access

Questions:

Any way to recover Global Admin access without existing admin credentials?

Best method to reach Microsoft support in a tenant lockout scenario?

Is there any recovery path via Entra ID for non-admin users?

Microsoft 365 and Office | Subscription, account, billing | For business | Windows
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ruby-N 10,925 Reputation points Microsoft External Staff Moderator
    2026-05-04T21:32:28.7766667+00:00

    Dear @Khaja Gulam Nabi

    Thank you for taking the time to share your experience. I hope this response reaches you in time and helps bring some clarity. 

    I’ve gone through your description, and I’m sorry to hear about the difficulty you are experiencing when trying to access the admin account. Please know that you’re not alone, as many users encounter similar challenges. 

    Unfortunately, forum moderators do not have the ability to access, modify, or recover user accounts. Due to security and privacy requirements, issues such as sign in failures, password recovery, and multi-factor authentication can only be addressed by Microsoft’s dedicated support teams, who have the appropriate tools and authorization to manage account level settings securely. 

    These scenarios require identity validation and tools that are strictly handled by dedicated support teams for security reasons. Since the only administrator account of your tenant is currently unable to sign in, the next essential step is to involve the Microsoft Data Protection team, as they are the only team authorized to help recover an admin account in these circumstances. You can start by calling your regional Microsoft support hotline here: Customer service phone numbers - Microsoft Support    

    During the phone call, you will need to provide the information associated with your subscription, such as your company name, billing details, phone number, and an alternate email address, etc. This information allows the Data Protection team to verify your identity and securely assist you in regaining access to your administrator account.       

    In some regions, the initial interaction may be automated, so here’s a general idea of how the conversation might go to help you prepare:      

    Here are some tips and an example of a prompt to help you reach out the Microsoft Data Protection team support more effectively:   

    (When you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.)         

    In some countries, it is an automated conversation like:  

    IVR: What kind of problem are you concerned about?        

    You: Authenticator.        

    IVR: What kind of product do you use?        

    You: Office 365 for business.        

    IVR confirmation: education or company account?        

    You: For companies        

    IVR: Are you an administrator?        

    You: Yes.        

    IVR: Do you have another administrator in your organization?        

    You: No.        

    IVR: Do you need a... Service request? 

    You: Yes. I need to create a ticket. Please send me directly to the Data Protection Team. 

    I truly hope this helps you regain access to the admin account quickly. Even though I can't directly intervene, directing you to the correct and specialized support is the most effective help I can provide from my position.  

    Thank you for your kindness and contributions to the forum. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have any extra questions about this answer, please click "Comment".            

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

    0 comments
  2. Q&A Assist
    2026-05-04T21:06:58.4133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    There is no way for end users to self‑restore Global Administrator rights when no working admin account remains. Recovery must go through Microsoft support and formal identity verification.

    1. Recovering Global Admin access without existing admin credentials
    • If there is any other Global Administrator (including a partner with GDAP and appropriate roles), that account must sign in and:
      • Promote a user to Global Administrator, or
      • Reset the locked‑out admin’s password/MFA.
    • If no other Global Administrator exists or is accessible, recovery can’t be done by configuration alone. Microsoft’s Data Protection team must verify tenant ownership and then help reset an admin account or credentials.
    • For standard Microsoft 365 tenants, the documented path is to open a support ticket so the Data Protection team can:
      1. Reset credentials of an administrator account, or
      2. Help claim ownership of the tenant.
    1. Best method to reach Microsoft support in a tenant lockout scenario

    When no admin can sign in to open a ticket from the tenant:

    • Use public Microsoft 365 support channels:
      • Go to the Microsoft 365 support page and choose the “I can’t sign in or access my tenant” path, or
      • Call Microsoft using the regional phone numbers listed on the Microsoft 365 for business support page.
    • Clearly state that this is a tenant lockout and that there is no working Global Administrator.
    • Be prepared to provide identity and ownership proof (for example, business documentation, domain ownership, nonprofit registration if applicable).
    • If the tenant is managed by a Microsoft partner, contact the partner and ask them to open a service request on your behalf (if they have the required GDAP roles such as Service Support Administrator).

    If the tenant is locked due to inactivity (AADSTS5000225), it can only be unblocked if it has been blocked for less than 20 days; after that, the tenant is permanently deleted and cannot be recovered.

    1. Recovery path via Entra ID for non‑admin users
    • Non‑admin users cannot directly promote themselves or others to Global Administrator.
    • Self‑Service Password Reset (SSPR) and Microsoft Entra ID account recovery are designed to restore access to existing accounts, not to grant admin roles where none are available.
    • In scenarios where:
      • All Global Admins are locked out, and
      • No partner with appropriate GDAP roles can help, the only supported path is to contact Microsoft support so the Data Protection team can verify identity and restore an admin account.

    Summary:

    • There is no self‑service way for non‑admins to regain Global Admin when all admin access is lost.
    • Use Microsoft 365 support (web or phone) and clearly indicate a tenant lockout with no Global Admin.
    • If applicable, involve any managing partner with GDAP to open a support request on your behalf.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.