Conditional Access Lockout

Copper Contributor

Due to my own error in setting up Conditional Access. I proceeded to Lock out all my global admins as well as users.
Step 1. Acceptance, I made the mistake, I thought I had excluded one Global admin from the Require phishing-resistant multifactor authentication for administrators policy. Like the Big Red Box on the KB had said apparently I did not. I accept my ignorance on that.
Step 2. Call support, here is where things get worse. Opened a ticket with the Data Validation team calling the number given by the first tech I spoke to. The DV team said I needed to validate a few things to ensure I was a global admin. Acceptable account management validation procedures. Then radio silence for 24 hours so I call back again. I was informed that they needed to reset MFA on the account. I advised that was fine but it was not an MFA issue it was a Conditional Access issue but I sent the required emails and did everything they told me to. Also at this point I have had three Quick Assist sessions with all techs that I had delt with to this point and they screenshot the error every time. They seem shocked that the MFA reset did not work. Techs keep saying they need to collaborate with higher tier support but as of now it has not escalated. Error 53003 is well documented as a Condition Access issue. At this point I have not been able to get into the admin centers for 7 days and I find that there is no recourse to escalate on my own. How is this an acceptable SLA? Why continue to pay for this level of "customer service"?

3 Replies



The only way is Microsoft support, do you purchase the license through CSP?

@Kidd_Ip Oh, believe me as soon as I am able to get in I will be adding PAX8 as CSP so this will not be an issue moving forward however until I have admin portal access I am unable to add CSP.

@Grolink99  - just out of curiosity - how long did this take to resolve? We are experiencing the EXACT same support issues that you described. We're going on day 6......