
URGENT: Full tenant lockout - Conditional Access "Require MFA All Users" enabled before MFA registration - Error 53003 - 10-person company completely down

drau 0 Reputation points
2026-03-11T04:47:52.48+00:00

I am the Global Administrator of a 10-person startup. Today (March 10, 2026) my account was compromised via an AiTM (Adversary-in-the-Middle) session token theft attack. An attacker used my account to send phishing emails to all my external contacts.

While scraping Azure logs to identify the breach, I had another GA do the following countermeasures:


  1. Changed all passwords

  2. Revoked all sign-in sessions via Microsoft Graph API

  3. Disabled Security Defaults to enable Conditional Access

  4. Created CA policy "Block Attacker IPs" blocking the attacker's IP range

  5. Created CA policy "Require MFA All Users" All Users, All Cloud Apps, Grant: R

  6. Created CA policy "Block Legacy Auth" blocking Exchange ActiveSync and Other clients

The "Require MFA All Users" policy was activated BEFORE any user in my tenant had registered MFA methods. Now every sign-in across the entire tenant is blocked with error 53003. No user can sign in to any Microsoft service.

I tried:

  - Signing in via browser, InPrivate, Azure CLI, and PowerShell device code flow; all blocked with 53003

  - Creating new user accounts, resetting passwords, etc. via the Graph API back end using a secret key stored locally, using Claude Code

  - Called multiple Microsoft support numbers, but could not reach a live agent

  - Emailed existing Microsoft support case contacts through an old thread (could not start a new thread)

We are in the middle of contract negotiation and would appreciate escalation and someone to help us on the backend.

Have tenant ID and support ticket # on hand. Will be monitoring this actively.

Thank you!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
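As an added example (not part of the post above), a pre-flight check a second admin could run against a Conditional Access policy definition before switching it to enforced. It flags the two conditions that combined into this lockout: an all-users MFA grant with no excluded break-glass account, and in-scope users who have no MFA method registered. The policy, the registration report and the account names are constructed for the example; in practice the same shapes would be fetched from Microsoft Graph.

```python
"""Pre-flight check for a Conditional Access policy before it is enforced.

Constructed example: the policy and the MFA registration report are embedded
as dicts mirroring the Graph conditionalAccessPolicy / userRegistrationDetails
shapes; UPNs stand in for object IDs for readability. Nothing here calls Graph.
"""
import copy

# Constructed policy modelled on the post's "Require MFA All Users".
POLICY = {
    "displayName": "Require MFA All Users",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
# Constructed registration report for a small tenant.
REGISTRATION = [
    {"userPrincipalName": "ga1@contoso.example", "isMfaRegistered": False},
    {"userPrincipalName": "ga2@contoso.example", "isMfaRegistered": False},
    {"userPrincipalName": "alice@contoso.example", "isMfaRegistered": True},
]
BREAK_GLASS = {"ga2@contoso.example"}  # assumed emergency-access account

# Same policy with the break-glass account excluded, then as report-only.
FIXED_POLICY = copy.deepcopy(POLICY)
FIXED_POLICY["conditions"]["users"]["excludeUsers"] = sorted(BREAK_GLASS)
REPORT_ONLY = {**FIXED_POLICY, "state": "enabledForReportingButNotEnforced"}


def preflight(policy, registration, break_glass):
    """Return blocking findings; an empty list means the policy is safe to enforce."""
    grant = policy.get("grantControls") or {}
    if policy["state"] != "enabled" or "mfa" not in grant.get("builtInControls", []):
        return []  # report-only or not an MFA grant: cannot lock anyone out
    users = policy["conditions"]["users"]
    excluded = set(users.get("excludeUsers", []))
    findings = []
    if "All" in users.get("includeUsers", []):
        if not (break_glass & excluded):
            findings.append("no break-glass account excluded from an all-users MFA policy")
        unregistered = sorted(u["userPrincipalName"] for u in registration
                              if not u["isMfaRegistered"]
                              and u["userPrincipalName"] not in excluded)
        if unregistered:
            findings.append("in-scope users without a registered MFA method: "
                            + ", ".join(unregistered))
    return findings
```

Running `preflight` on the original policy returns both findings; excluding the break-glass account removes the first, and leaving the policy in report-only mode returns nothing, which is the order in which the policy should have been rolled out.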