365, the only admin, locked out
Posted by DontSeekTheTreasure@reddit | sysadmin
Hi there, I’m locked out of my 365 business account, and I’m the only admin. Any support I can find redirects me to the password reset page, which will authenticate my email but won’t authenticate my phone number. I don’t know why this is.
I managed to get a support ticket, but have not managed to get escalated.
Is there someone here who could escalate my ticket through their admin portal if I gave them a ticket number?
SuperScott500@reddit
Whoops. I’ve actually been proofing against this the last few weeks along with pulling permissions from my licensed account.
flsingleguy@reddit
Use the break glass account
chesser45@reddit
Nope. Will take the time it takes unless you have an AM or CSP you can reach out to.
DontSeekTheTreasure@reddit (OP)
Thanks. I’m not a sysadmin – what is an AM or CSP? I can look up a break glass account myself.
chesser45@reddit
Account manager if you were a larger customer or CSP if you worked through a reseller or Managed Services Provider.
SquizzOC@reddit
Just a side note, we submit tickets and “escalate” but it does absolutely nothing sadly. When every ticket is escalated, no ticket is :/
czj420@reddit
Do the needful
My_Non_Throwaway@reddit
Oh you mean run sfc /scannow
chesser45@reddit
It depends on how much pull you have. We moved from Premier to CSP because of the stupid pricing model of unified support and while the support is generally the same middling quality, not having a dedicated support account exec has hurt a couple times. Not worth the hundreds of thousands or so that unified is.
Microsoft really were playing 4d chess when they scaled unified pricing to customer spend. 🫠
SquizzOC@reddit
I’m a VAR, that has a whole practice and escalation does nothing. I mean it’s marked escalated, but Microsoft doesn’t care.
chesser45@reddit
Fair. We’ve been able to pull on our Exec in the past for resources but idk what that looks like on the backend.
redvodkandpinkgin@reddit
AFAIK it's business as usual at the cheap contractors' offices, they are trying to integrate Copilot from the top but it's not really been too successful so far. Documentation is not good enough to train it I assume, I left a couple years ago and 90% of the answers were hallucinations.
Prophage7@reddit
Pretty sure Microsoft's entire support team is now just 5 guys running a Copilot call center.
catherder9000@reddit
Call 1-800-642-7676 and ask them to transfer you to Data Protection support. As long as you can provide all the correct information for your account(s), they will have you back online in minutes. (Usually)
These guys deal with identity whereas support does not.
AheadEmu@reddit
Call Microsoft support directly and tell them you're locked out of your only admin account. They'll escalate faster than the ticket system, and yeah, you're gonna need a break glass account once this gets sorted.
DontSeekTheTreasure@reddit (OP)
Thanks, but the support line in my region has an automated response that simply redirects me back to the password reset page. I found the US 1-800 support number, but I can’t dial it from NZ.
AheadEmu@reddit
That sucks. The regional lines are useless for this stuff, but you can use Skype or Google Voice to call the US number from NZ, and they'll actually pick up faster than waiting for a callback.
Adam_Kearn@reddit
Google Voice is a good option for this. You could even order a UK/US PAYG SIM and just have it shipped to your location.
Then call out on that number after loading some credit on it.
Tr1pline@reddit
How is this a weekly post.
Break2FixIT@reddit
Because orgs pay people who do not sysadmin to be sysadmin and when it finally hits the fan it is a way to push blame.
krilu@reddit
To be fair, that is how everyone becomes a sysadmin
AntonOlsen@reddit
Hey you, you know computers, right? Great you're now our IT guy.
35 years later...
Raymich@reddit
Cowboys
krilu@reddit
Indians
cryonova@reddit
We bought into the Microsoft Dart Agreement just for this
music2myear@reddit
Lots of good advice here already, here's my two cents: For your account phone number do NOT use any sort of VOIP number, this includes Google Voice numbers.
A normal mobile phone number or landline is your best bet. I've had a Google Voice number since before Google owned it (Grandcentral, very early 2000s). It has been demonstrably mine (used in accounts and online stuff) for all that time, well more than 20 years now. But most online services will not allow this number for account validation, especially the big sites and brands.
peoplepersonmanguy@reddit
If you're in Australia I can help.
DontSeekTheTreasure@reddit (OP)
Thanks, but I’m in NZ
ElevatorFar102@reddit
Take a big breath and think clearly and with logic before you give any amount of access to a random person on the internet.
peoplepersonmanguy@reddit
I could potentially still help, feel free to DM me. I can log a ticket as a partner and advise I'm trying to help recover your domain.
You will need access to make changes to your DNS.
LazyTech8315@reddit
That sounds like abandoning the 365 tenant and all data. This should be a last resort.
peoplepersonmanguy@reddit
No, Microsoft will want a specific text record added for proof of domain ownership.
Maybe just don't comment if you have no idea?
LazyTech8315@reddit
I didn't come here for rude people, but thanks.
peoplepersonmanguy@reddit
You just came to comment where you have no clue.
LazyTech8315@reddit
Yes, of course. /s 🤦♂️
You said you could help recover the DOMAIN, not the TENANT. My bad, I took you at face value.
Assuming you intended a different approach than a direct read of your comment suggests, it sounds like you are correct. Technical expertise can be had by unkind people. By the same token, being kind doesn't mean you suddenly lose all technical literacy.
Regardless, thank you for introducing this as a recovery idea in case it's ever needed.
isbBBQ@reddit
No he didn’t?
Can’t you read?
And then you go on to say that he is rude lol
LazyTech8315@reddit
...
isbBBQ@reddit
Have you heard about context?
peoplepersonmanguy@reddit
Receiving technical support from this guy would be a puuuunish.
BlackV@reddit
Recover your 365 domain
Given that's the subject of the whole post
peoplepersonmanguy@reddit
I said no such thing.
Cheers.
BlackV@reddit
No, that's not it. The DNS is to prove you are admin of the domain, identical to when you set up a tenant.
DontSeekTheTreasure@reddit (OP)
How do I make sure I don’t lose all my data?
disclosure5@reddit
No one who says they can make it any quicker than you can should be listened to.
redvodkandpinkgin@reddit
So the plan is to take the domain away from the locked out tenant to a new one and abandon all data left behind? Why do this? Admins get locked out of tenants all the time, it's a pretty straightforward case in MS support and it can be easily recovered.
DontSeekTheTreasure@reddit (OP)
Have sent you a DM.
Degenerate_Game@reddit
Whenever you regain access. Please make a break glass account.
Lord-Raikage@reddit
If you have MFA turned on then the self service password reset link unlocks accounts. The 2nd option, I think it says "I know my password but I cannot get into my account"
Spraggle@reddit
And if you've only got MFA turned on with SMS, here's your reminder to go and change that.
iloveScotch21@reddit
Top comment in this thread. You will need to call support and ask them to transfer you to data protection
https://www.reddit.com/r/Office365/s/wxzxexqZGd
redvodkandpinkgin@reddit
Absolutely right, as long as you can get them the documents they ask for this should be a relatively quick process.
Have seen it get resolved in just a few hours, if the agent is competent most of the time will be spent waiting on you to send the info needed.
meatychub@reddit
Try checking if you have a cached session at admin.microsoft.com on your device. Had this happen recently with a client and his session was luckily still active.
From there, we were able to create a second admin account, sign into it, and restore the original one. Otherwise, you have to call Microsoft support, no way around it. Also, don't trust anyone here to help you hands-on... That's a cyber incident waiting to happen.
DontSeekTheTreasure@reddit (OP)
It’s great advice, thanks heaps
BlakeSoundTech@reddit
Please create a second break glass admin in the future so you save yourself a world of hurt
perth_girl-V@reddit
If you use a wholesaler to purchase licenses, they can reset it for you.
DontSeekTheTreasure@reddit (OP)
Thanks, but I subscribed online