Authenticator Loop

Question

Hi,

I am trying to access my outlook through a web browser (does not work on the app either). Although I have access to my email on my phone, when I try to access my email with the correct username and password it says I need to enter a code from the authenticator app on my phone. However I have been logged out of the authenticator app on my phone and so when I try to access the authenticator app it says I need to enter a code from my authenticator app. When I say to try another way it gives me the option to open my authenticator app and approve a sign in request, which I can't because I am on the authenticator app. There is a option to say "I can't use the authenticator app right now" but that brings me back to square one. No option for a recovery email or anything. How do I get out of this loop?

Answer 1

Hello Holden,

You’re stuck in a classic Microsoft Authenticator MFA lockout loop: your account requires Authenticator for sign-in, but Authenticator itself requires you to sign in, leaving you with no usable second factor. Unfortunately, there is no self-service bypass for this when no backup methods (SMS, email, security key) were configured. The only supported way out is an account recovery reset: if this is a work or school account, an administrator must reset your MFA or issue a Temporary Access Pass (TAP), which temporarily bypasses MFA so you can sign in and re‑register Authenticator (https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-temporary-access-pass). If you are the only admin, you must contact Microsoft Support to prove tenant ownership and have MFA reset. If this is a personal Microsoft account, use the recovery flow at https://account.live.com/acsr and complete the security info replacement process, which may include a mandatory waiting period. Microsoft documents this behavior as expected when no alternate verification methods exist, and confirms admin or support intervention is required (https://learn.microsoft.com/en-us/answers/questions/1661573/stuck-in-a-verification-loop-using-microsoft-authe).

Answer 2

The loop occurs because the account has Microsoft Authenticator configured as the only verification method, and access to that method has been lost. To break the loop, another verification method or an admin/Data Protection reset is required.

Use the path that matches the account type:

1. Work or school (Microsoft 365 business/education)

• If there is another sign-in method configured (SMS, alternate email, FIDO key, etc.), select that method on the “I can’t use my Microsoft Authenticator app right now” screen and complete verification.
• If no other method is available and this is a business account:
  • If an IT/admin team exists, request that an admin reset MFA for the user:
    • Admin goes to Microsoft Entra admin center → Users → All users → select the user → Authentication methods → “Require re-register multifactor authentication”. This forces MFA re-setup on next sign-in, allowing the Authenticator app to be re-enrolled.
  • If the user is the only admin and locked out, the tenant’s Data Protection team involvement is required via Microsoft support. The recommended pattern from similar cases is:
    • Call the regional Microsoft customer service phone number from the “Customer service phone numbers” page.
    • When prompted by the IVR, indicate that this is an Office 365 for business/company account, that the caller is the administrator, there is no other admin, and that a service request with the Data Protection team is needed to reset MFA for the tenant admin account.
    • If frontline support cannot help directly, ask for escalation to a duty manager and explicitly request Data Protection team review to reset the authentication methods. This is how prior cases with single-admin tenants have been resolved.

2. Personal Microsoft account (Outlook.com, Hotmail, Live)

• If another verification method (alternate email, SMS) is configured, use that instead of the Authenticator prompt when the “I can’t use my Microsoft Authenticator app right now” option appears.
• If no other method works and the sign-in flow never offers anything except Authenticator, recovery must be handled through Microsoft’s account recovery/sign-in helper and, if necessary, support escalation. Forum moderators and community cannot directly reset MFA or bypass the loop.

3. General guidance to avoid the loop in future

• Always configure at least one backup method (SMS, alternate email, or another app) in the security info for the account so that if Authenticator is lost or reset, another method can be used.
• For business tenants, ensure more than one global admin exists and that each has multiple MFA methods configured, so one admin can reset another’s MFA if needed.

Because the current configuration only allows Authenticator and that app is inaccessible, self-service options are exhausted; an admin (for work/school) or Microsoft support/Data Protection (for single-admin or some personal-account cases) must reset the MFA methods to break the loop.

---

References:

• How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A