I am a member of a SMB IT firm that often runs into this issue. In my past encounters we have always managed to come up with a way to resolve gaining administrative access to the tenant.
In this case I am coming up short. Here's the situation:
Tl;dr - tenant is being held hostage for an unpaid debt related to a failed SOW completion.
Details are:
- One of our clients has an MSP that failed to perform the SOW requested by our client in common
- SOW was to migrate a NAS and individual cloud file containers into a federated Sharepoint site under the client's domain xxxx.com
- MSP failed to perform this task to satisfactory completion but billed client ~$4k.
- Client disputed and is not paying the $4k bill
- The client has access to their domain registrar, can prove they are the owner and has access to DNS records
- The MSP did not give any administrator credentials to the client for self management
- The MSP has not renewed the client's O365 exchange subscription due to non-payment
- MSP says there is a balance owed for exchange services (~$80)
- Client states that the CC on file expired a couple months ago (makes sense)
- MSP says that the action required is to log in as an admin and renew the payment method (but no admin access, doesn't make sense)
- MSP is not following through with assisting the client in gaining access to their tenant to update billing
- MSP is not communicating to resolve the issue.
What we are trying to do is regain access to their tenant while still retaining their domain name. Is there a way to gain administrative access to a Microsoft tenant managed by a "rogue" MSP in order to do the right thing for our client in common? Our client is willing to pay the fees for the O365 subscription service, just not the bill for the incomplete SOW for data migration.
As far as I'm aware, I don't think that there is -- but I would like to gain more info from the tech community to see if we have any recourse. I would consider creating a new tenant on our own on behalf of the client, but we have no way to defederate the existing tenant. If we wipe DNS and start clean, the new tenant would kick back the domain registration during setup since another tenant already has the domain linked.