Forum Discussion
Global Administrator MFA recovery not possible
Since Microsoft automatically enforced MFA on administrator role in Azure you can end up in the situation where it is no longer possible to recover your tenant. If your only account on that tenant is with Global Administrator role and you accidentally loose your MFA, the only way is to call Microsoft support. Support on the phone is automated where any question regarding Azure is redirected to visit Azure portal. If your only user cannot login then Azure portal is not accessible.
2 Replies
RobertasSimGreetings, agree with MarPas here, also make sure
In Microsoft Entra Privileged Identity Management, you should make the Global Administrator role assignment active permanent rather than eligible for your emergency access accounts. At least for these accounts.
Hi RobertasSim, for best practice, you should have at least 2 global admins and you should also have at least two emergency accounts (break glass).
I suggest you take a look here: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access
