Everyone locked out of tenant due to a faulty Conditional Access Policy

Question

Everyone locked out of tenant due to a faulty Conditional Access Policy

Nick Bobak 65

We have been locked out of our tenant for almost 2 weeks now due to a faulty Conditional Access policy. During this week, there have been several conversations with a number of Microsoft support technicians, none of which seemed to have an understanding of the actual issue at hand or able to resolve the issue and all ended up assigning the case to a different team. We know exactly what is wrong and how to fix it. But we need the help of the Data protection team. Since this is a high impact incident and things are moving too slow via the regular support channels, we are trying to get in touch with them through this channel. We came across similar incidents on this forum and saw that they responded quickly. Our current support case number is 2404140040001624.

Akhilesh Vallamkonda 15,355 Reputation points Moderator

2024-04-30T10:38:45.24+00:00

Hi @Nick Bobak
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Nick Bobak 65 Reputation points

2024-04-30T16:17:10.9733333+00:00

It was not as I have not gotten any response after utilizing the email recommended and I am still locked out of my accounts as the rest of my users are. It’s been 19 days. This is absurd.
Nick Bobak 65 Reputation points

2024-04-30T21:50:49.67+00:00
Nick Bobak 65 Reputation points

2024-05-01T16:37:53.3533333+00:00

IS THERE ANYBODY AT THIS $3 TRILLION ORGANIZATION THAT CARES ABOUT ITS CUSTOMERS??? ANYBODY? PLEADING FOR HELP.

<PII image was removed by mod>
daniel rau 0 Reputation points

2026-03-11T04:12:52.3833333+00:00

Also have the same issue. Team got phished and we revoked all user access, legacy synced auth, and implemented new MFA. However, all global admin accounts are still locked out.

SEVERITY A, super urgent. Been locked out for 12 hours now without any help from support.

Have tenant ID and open ticket number on-hand.

I am mid contract negotiation, this is venture backed start-up.

Pls for the love of god hop on the phone, I will fly to Redmond or Bay Area tomorrow morning.

Answer accepted by question author

Givary-MSFT 35,786 Microsoft Employee Moderator

@Nick Bobak Apologies for the delayed response. As per the last update which I have got from my engineering team, we have excluded one of the Global admin accounts from the conditional access policy which caused this lockout.

This exclusion would be valid for next 24 hrs, would request you to login to your tenant at earliest, make changes to the policy so that others can login/access resources.

From next time onwards try to have emergency accounts - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access

Let me know if you have any further questions, feel free to post back.

Edward Galante 0 Reputation points

2024-11-11T17:40:04.9+00:00

Hello. My team has the exact same problem. Are you able assist? case # 2411080040013455 We have not heard back from anyone. Business has halted. We cannot invoice and half of our company no longer has access to email.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
daniel rau 0 Reputation points

2026-03-11T04:12:57.6633333+00:00

Also have the same issue. Team got phished and we revoked all user access, legacy synced auth, and implemented new MFA. However, all global admin accounts are still locked out.

SEVERITY A, super urgent. Been locked out for 12 hours now without any help from support.

Have tenant ID and open ticket number on-hand.

I am mid contract negotiation, this is venture backed start-up.

Pls for the love of god hop on the phone, I will fly to Redmond or Bay Area tomorrow morning.
Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2026-03-12T03:54:37.4966667+00:00

@Daniel Rau If the issue still exists, open a new QnA post and tag me, so that we can communicate over the private message to assist you further. After creating the post, please tag me and Raja Pothuraju.
drau 0 Reputation points

2026-03-12T14:08:27.42+00:00

Tagged you. NEED HELP ASAP

1 additional answer

Your answer

Akhilesh Vallamkonda 15,355 Reputation points Moderator

2024-04-30T10:38:45.24+00:00

Hi @Nick Bobak
Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.
Nick Bobak 65 Reputation points

2024-04-30T16:17:10.9733333+00:00

It was not as I have not gotten any response after utilizing the email recommended and I am still locked out of my accounts as the rest of my users are. It’s been 19 days. This is absurd.
Nick Bobak 65 Reputation points

2024-04-30T21:50:49.67+00:00
Nick Bobak 65 Reputation points

2024-05-01T16:37:53.3533333+00:00

IS THERE ANYBODY AT THIS $3 TRILLION ORGANIZATION THAT CARES ABOUT ITS CUSTOMERS??? ANYBODY? PLEADING FOR HELP.

<PII image was removed by mod>
daniel rau 0 Reputation points

2026-03-11T04:12:52.3833333+00:00

Also have the same issue. Team got phished and we revoked all user access, legacy synced auth, and implemented new MFA. However, all global admin accounts are still locked out.

SEVERITY A, super urgent. Been locked out for 12 hours now without any help from support.

Have tenant ID and open ticket number on-hand.

I am mid contract negotiation, this is venture backed start-up.

Pls for the love of god hop on the phone, I will fly to Redmond or Bay Area tomorrow morning.
Edward Galante 0 Reputation points

2024-11-11T17:40:04.9+00:00

Hello. My team has the exact same problem. Are you able assist? case # 2411080040013455 We have not heard back from anyone. Business has halted. We cannot invoice and half of our company no longer has access to email.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
daniel rau 0 Reputation points

2026-03-11T04:12:57.6633333+00:00

Also have the same issue. Team got phished and we revoked all user access, legacy synced auth, and implemented new MFA. However, all global admin accounts are still locked out.

SEVERITY A, super urgent. Been locked out for 12 hours now without any help from support.

Have tenant ID and open ticket number on-hand.

I am mid contract negotiation, this is venture backed start-up.

Pls for the love of god hop on the phone, I will fly to Redmond or Bay Area tomorrow morning.
Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator

2026-03-12T03:54:37.4966667+00:00

@Daniel Rau If the issue still exists, open a new QnA post and tag me, so that we can communicate over the private message to assist you further. After creating the post, please tag me and Raja Pothuraju.
drau 0 Reputation points

2026-03-12T14:08:27.42+00:00

Tagged you. NEED HELP ASAP

Answer 1

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,546 Moderator

Hello, the Data Protection team is usually stacked with several cases related to the same issue.

That said, it would be a nice idea for Microsoft to strongly suggest and offer automatic break-glass/emergency account creation or ensure they won't get locked. Feel free to support ideas like this: https://feedback.azure.com/d365community/idea/42215546-8a90-ed11-a81b-000d3ae5ae95 so that the product team can consider them.

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,546 Reputation points Moderator

2024-04-30T18:15:38.59+00:00

Sad to hear about that Nick Bobak. Could you reach the Community S+I team via email as suggested?
Nick Bobak 65 Reputation points

2024-04-30T20:31:59.93+00:00

Yes i did this now a second time. No progress thus far, though i appreciate the attempted help.
Nick Bobak 65 Reputation points

2024-04-30T21:49:22.8933333+00:00

This organization is useless. The epitome of having you go in circles.
Nick Bobak 65 Reputation points

2024-04-30T21:49:47.2033333+00:00
Nick Bobak 65 Reputation points

2024-04-30T21:50:15.34+00:00

To say I am desperate at this point is a severe understatement. Every time I call (which is 2-4x per day due to not being able to do much else w/o access to my Microsoft tenant), I'm brushed off and assured that the technician or engineer assigned to my case will contact me within 2-3 hours, and sure enough, never does. I'm beyond exhausted when it comes to dealing with this issue. I've spent over 30 hours on the phone with Microsoft agents with literally no sign of progress or anything being done at all, besides "further escalating" (which if I had a dollar for every time I heard that, I'd have enough money to make a Microsoft 2.0 with legit customer service).

If we weren't a professional tax firm with legal and regulatory repercussions, I would have already quit and closed down at this point. Any additional advice/assistance is greatly appreciated.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Share via

Everyone locked out of tenant due to a faulty Conditional Access Policy

1 additional answer

Your answer