Partner lockout of Microsoft 365 tenant – looking for advice on next steps

Thanks for the responses so far. I realise I may not have explained myself properly earlier, and I probably also posted in the wrong forum — I understand this space is mainly for partners. I’m a customer, not a partner, but I was hoping to find the right expertise here.

To clarify the situation:

• Our entire organisation (30 Microsoft 365 licences, ~£100m turnover, 10,000+ customers) has been locked out of our tenant by our CSP/MSP.
• They used their delegated Global Admin account to disable access for everyone else — including our own Global Admins.
• All staff and directors are locked out of Exchange, Teams, SharePoint/OneDrive, and even Azure AD–authenticated workstations.
• The partner is explicitly conditioning restoration of access on payment of disputed invoices unrelated to Microsoft licence pass-through.

This is not a standard “CSP suspension”: in a suspension, customer Global Admins normally retain tenant access. In our case, the MSP is the only remaining Global Admin.

What I’ve done so far:

• Raised a ticket with Microsoft Support via phone and spoke with the Data Protection Team. They refused to help or initiate Tenant Ownership / Domain Verification, even though we still control DNS. Their position was that Microsoft policy does not allow intervention in disputes “between global admins.”
• I explained repeatedly this is not a dispute between admins within our organisation — it’s a dispute between our organisation and a Microsoft Partner who has hijacked the tenant. That distinction seems to have been ignored.
• I also contacted the Microsoft Partner Conduct / Business Conduct department with full details and evidence. It has now been 7 days with no human response.

The current situation is that the data processor (our MSP) is denying the data controller (us) access to very sensitive data, including corporate records, bank account details, ID documents, and financial transactions for thousands of customers. The case has already been reported to the UK Information Commissioner (ICO) as a personal data breach. But regulatory channels are not the quickest route to restore service.

My key questions:

1. From a customer perspective, who at Microsoft can actually initiate Tenant Ownership / Domain Verification so we can reassert Global Admin control?
2. Are there official Partner Code of Conduct rules that directly cover this misuse of delegated admin privileges?
3. Has anyone seen a similar case where access restoration was conditioned on disputed, non-Microsoft payments?
4. Any practical advice on balancing the technical fix (regaining tenant control) with the legal/regulatory side (ICO notification, Computer Misuse Act, possible injunction)?

My focus is simply on regaining secure access, protecting data/IP, and meeting compliance obligations. Any guidance or experiences from others would be very welcome.

Hi ​ Ermserg​ 

This is a really serious (and unfortunately not unheard of) situation. Thanks for sharing the full context.

I have a couple of questions which would help me understand the situation a bit clearer. How do you currently purchase your M365 licenses, is it under an agreement like EA or CSP? Secondly, do admins still have access to data?

To answer your questions:

1. From a Microsoft tenancy perspective – what’s the fastest/most effective way to remove a partner’s delegated admin access if they refuse to release it voluntarily?

You can manage rights and permissions to your Microsoft 365 accounts on the Partner relationships page in the Microsoft 365 Admin Center. On this page, you can:

• See which partners you have a relationship with, and which partners have GDAP.
• Remove a partner's GDAP from your tenant.

1. Has anyone experienced or seen a similar scenario where access was conditioned on disputed payments?

Yes, when purchasing via CSP, Partners can suspend a subscription to temporarily disable the services to customers. The Suspend state is designed to help in dunning scenarios since users cannot access files and services, although customer administrators can still access data. Partners continue to be billed when a subscription is suspended.

1. Are there formal Microsoft Partner Code of Conduct provisions that directly address this type of misuse of delegated admin rights?

Yes, there is a partner code of conduct which outlines protection of information and ethical business practices. However, going back to the previous question, I suspect that your subscription have been suspended rather than using any admin privileges to to block access. The GDAP framework itself, which replaced the less secure Delegated Admin Privileges (DAP), was designed specifically to minimize potential for misuse.

1. Any practical lessons on balancing the technical fix (regaining control of the tenant) with the legal approach (injunction, regulatory notifications)?

This is not something I could advise on however the Microsoft Customer Agreements does have wording around subscription suspensions for non payments.

Something else to note is that you do also have the option to transfer your subscriptions to a different partner. You have outlined that your invoice dispute does not relate to your licenses so could this potentially be an option?

Ermserg​ are you a customer of a Microsoft partner? I don't know anything about what you are asking and I don't think this is the appropriate area to post about it, so I am actively looking for some resources for you to scope out.  Also tagging some super users in case they have any ideas, thanks so much in advance guys! 

Also moving this to our Partner-led tech topics board until I can figure out a better place for your inquiry. 

nick_Anag​ MartijnElfers​ ahart3​ sansbacher​ RobertHemsley​