Lost Owner and Contributor Access - Can not open a support request

Question

Lost Owner and Contributor Access - Can not open a support request

Arron Washington 40 Microsoft Employee

We lost our owner and contributor access, and we don't have anyone that can add our RBAC roles back or update or PIM enabled security group to have ownership access. I tried opening a ticket, but because I don't have "Support Request Contributor" access, I am not able to get the support I need to have the ownership access added.
User's image

Arron Washington 40 Reputation points Microsoft Employee

2026-05-22T02:02:18.38+00:00

I was not able to get any help as the internal help desk tried to have me open a ticket, but that is not possible as I do not have the Support Request Contributor role. Still 100% blocked. I would need a Global Admin to assist on this.
Sina Salam 29,846 Reputation points Volunteer Moderator

2026-05-22T15:00:08.4366667+00:00
Hello Arron Washington,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are experiencing a loss of administrative access to your Azure subscription, preventing RBAC recovery and blocking support request creation.

The issue is not primarily a support-role problem, but rather a loss of subscription-level RBAC authority (Owner/User Access Administrator).

The most supported recovery approach in your scenario is to:

Use a Global Administrator in the same Microsoft Entra tenant to elevate access (root scope)

Reassign the Owner role at the subscription level

Repair any PIM-enabled security group used for access governance

Grant Support Request Contributor (or Owner/Contributor) at subscription scope

A Global Administrator does not automatically have Azure access, but can temporarily elevate access to assign roles and recover ownership. - https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

Once RBAC control is restored:

Ensure at least one permanent Owner (break-glass account) exists

Fix the PIM group governance path (ownership, eligibility, activation)

Assign Support Request Contributor to prevent future support lockout

Azure requires Owner, Contributor, or Support Request Contributor at the subscription level to create or manage support tickets. - https://learn.microsoft.com/en-us/azure/azure-portal/supportability/how-to-manage-azure-support-request If no Global Administrator exists, recovery cannot be completed from Azure RBAC alone. In that case, escalation must go through the correct billing administrator (MOSP, MCA, or EA) to regain governance.

NOTE:

Do not focus on assigning Support Request Contributor first. Instead:

Restore RBAC authority (Owner role) using Global Admin elevation

Repair governance (PIM group or direct role assignments)

Then enable support access at subscription scope

This sequence is the only supported resolution path for this scenario.

I hope this is helpful! Do not hesitate to let me know if you have any other questions, steps or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Answer accepted by question author

0 additional answers

Your answer

Arron Washington 40 Reputation points Microsoft Employee

2026-05-22T02:02:18.38+00:00

I was not able to get any help as the internal help desk tried to have me open a ticket, but that is not possible as I do not have the Support Request Contributor role. Still 100% blocked. I would need a Global Admin to assist on this.

Answer 1

Hello Arron Washington,

As discussed offline, since this involves a Microsoft corporate tenant and there are no remaining users with Owner/Contributor access or eligible PIM assignments, the recommended approach is to engage your internal tenant administrators or privileged access administrators so they can elevate access and restore the required RBAC roles on the affected subscriptions.

A Global Administrator can temporarily elevate access at the root scope and reassign Owner access on the impacted subscriptions. Microsoft documents the process here:

Elevate access to manage all Azure subscriptions and management groups

Once elevated access is enabled, the tenant administrator can:

Restore Owner access on the subscriptions
Reassign Contributor access if needed
Restore ownership or membership for the PIM-enabled security group

After RBAC access is restored, you should be able to manage the subscriptions and create support requests normally.

Share via

Lost Owner and Contributor Access - Can not open a support request

0 additional answers

Your answer