
Global Admin Account Issue

Omega Dispatching Ops 0 Reputation points
2026-04-09T13:04:08.5433333+00:00

My global admin account for Outlook is locked behind a broken two‑step authentication loop. I need to transfer global admin rights to <pii removed>. I am the owner of this company and these accounts. Please give me a call. Thank you.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Q&A Assist
    2026-04-09T13:04:28.2566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    A call cannot be placed, but there are supported ways to regain access and then transfer Global Administrator rights.

    Because the current Global Admin account is locked behind a broken two‑step verification loop and there is no other admin available, this is treated as a tenant lockout scenario. In this case, only Microsoft’s Data Protection team can restore access or reset the admin’s authentication methods.

    Follow these steps:

    1. Contact Microsoft support and reach the Data Protection team
      • Use the regional phone number listed under Customer service phone numbers - Microsoft Support.
      • When the automated system asks what the problem is, answer along these lines (based on the documented flow):
        • Problem: say “Authenticator” or “two-step verification”.
        • Product: “Office 365 for business” or “Microsoft 365 for business”.
        • Account type: “Company account”.
        • Are you an administrator?: “Yes”.
        • Are there any other administrators?: “No”.
        • When asked if a service request is needed: “Yes, I need to create a ticket and speak with the Data Protection team.”
      • Clearly state that:
        • You are the only Global Administrator.
        • You are locked out due to two‑step verification / Microsoft Authenticator.
        • You need admin access restored so you can manage the tenant and transfer Global Admin rights.
      • The Data Protection team has specific tools and processes to verify identity and restore access when the sole Global Admin is locked out.
    2. Alternative path if phone support is difficult to reach
      • If support cannot be reached directly from the locked tenant, create a temporary trial tenant as documented in the Q&A guidance:
        1. Sign up for a Microsoft 365 trial (business/enterprise) to create a new tenant.
        2. Sign in to the new tenant’s Microsoft 365 admin center.
        3. Go to Support → Help & support and open a ticket.
        4. In the ticket, clearly state that:
          • You are contacting support from a temporary trial tenant.
          • You are locked out of a different, existing Microsoft 365 tenant where you are the only Global Admin.
          • Provide the locked tenant’s domain and admin UPN, and describe the MFA/two‑step issue.
          • Request escalation to the Data Protection team to restore access to the original tenant.
      • This trial tenant is only a channel to reach support; it does not give access to the original tenant’s data.
    3. After access is restored
      Once the Data Protection team has helped you sign back in as Global Admin on the original tenant:
      1. Sign in to the Microsoft 365 admin center for the original tenant.
      2. Add the new account (for example, the @OmegaDispatchingOps.com user) as a user if it does not already exist.
      3. Assign the Global Administrator role to that user:
        • Follow the steps in Add an administrator from the admin roles documentation.
      4. Verify that the new Global Admin can sign in and has access.
      5. Optionally, reduce privileges on the original account if desired, following the least privilege principle.
    4. Prevent future lockouts
      • Create at least two emergency access (“break glass”) accounts that:
        • Are assigned the Global Administrator role.
        • Are not tied to specific individuals and are used only in emergencies.
        • Are excluded from MFA policies and protected with long, complex passwords.
      • This ensures that if a primary Global Admin is locked out by MFA again, emergency accounts can be used to recover access.

    If the organization already has another Global Admin, that admin can instead sign in and reset the locked admin’s password or MFA methods directly, without needing Data Protection.


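The emergency access requirements in step 4 of the answer above can be checked mechanically. The following is an added example, not part of the original answer or any Microsoft tooling: it audits constructed sample data shaped like Microsoft Graph exports of Global Administrator role members and Conditional Access policies. The UPNs, IDs and policy names are made up, and group-based inclusions or exclusions are assumed not to be in use.

```python
# Added example: audit break-glass accounts against constructed, Graph-shaped data.
GA_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template

# Constructed sample: members of the Global Administrator role.
SAMPLE_GA_MEMBERS = [
    {"id": "u-owner", "userPrincipalName": "owner@contoso.example"},
    {"id": "u-bg1", "userPrincipalName": "breakglass1@contoso.example"},
    {"id": "u-bg2", "userPrincipalName": "breakglass2@contoso.example"},
]
# Constructed sample: Conditional Access policies (only the fields the audit reads).
SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "grantControls": {"builtInControls": ["mfa"]},
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeUsers": ["u-bg1", "u-bg2"]}}},
    {"displayName": "Require MFA for admins", "state": "enabled",
     "grantControls": {"builtInControls": ["mfa"]},
     "conditions": {"users": {"includeRoles": [GA_TEMPLATE_ID],
                              "excludeUsers": ["u-bg1"]}}},
]

def policy_requires_mfa(policy):
    """True for an enabled policy whose grant controls include MFA."""
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])
    return policy.get("state") == "enabled" and "mfa" in controls

def policy_targets(policy, user_id):
    """True if a Global Admin with this id is in scope; explicit exclusion wins."""
    users = policy["conditions"]["users"]
    if user_id in users.get("excludeUsers", []):
        return False
    included = users.get("includeUsers", [])
    return ("All" in included or user_id in included
            or GA_TEMPLATE_ID in users.get("includeRoles", []))

def audit_break_glass(ga_members, policies, break_glass_upns):
    """Return findings where the designated accounts miss the step 4 criteria."""
    by_upn = {m["userPrincipalName"].lower(): m for m in ga_members}
    findings = []
    if len(break_glass_upns) < 2:
        findings.append("fewer than two emergency access accounts designated")
    for upn in break_glass_upns:
        member = by_upn.get(upn.lower())
        if member is None:
            findings.append(f"{upn}: not a Global Administrator")
            continue
        for p in policies:
            if policy_requires_mfa(p) and policy_targets(p, member["id"]):
                findings.append(f"{upn}: still subject to MFA policy '{p['displayName']}'")
    return findings
```

An empty list means every designated account holds the role and is excluded from each enabled MFA policy in the export; any finding points at the account and policy that would lock it out in the same way as the primary admin.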
