Forum Discussion
Conditional Access Lockout
Due to my own error in setting up Conditional Access. I proceeded to Lock out all my global admins as well as users.
Step 1. Acceptance, I made the mistake, I thought I had excluded one Global admin from the Require phishing-resistant multifactor authentication for administrators policy. Like the Big Red Box on the KB had said apparently I did not. I accept my ignorance on that.
Step 2. Call support, here is where things get worse. Opened a ticket with the Data Validation team calling the number given by the first tech I spoke to. The DV team said I needed to validate a few things to ensure I was a global admin. Acceptable account management validation procedures. Then radio silence for 24 hours so I call back again. I was informed that they needed to reset MFA on the account. I advised that was fine but it was not an MFA issue it was a Conditional Access issue but I sent the required emails and did everything they told me to. Also at this point I have had three Quick Assist sessions with all techs that I had delt with to this point and they screenshot the error every time. They seem shocked that the MFA reset did not work. Techs keep saying they need to collaborate with higher tier support but as of now it has not escalated. Error 53003 is well documented as a Condition Access issue. At this point I have not been able to get into the admin centers for 7 days and I find that there is no recourse to escalate on my own. How is this an acceptable SLA? Why continue to pay for this level of "customer service"?