Disabling MFA for Admin Users without logging in

Question

We’re experiencing an issue on our tenant where all the administrator accounts are unable to log into their accounts for all the Office365 apps.

The issue is that once the username and password are put in, it prompts the users to approve request on the Authenticator App. But no approval prompts are coming to the Authenticator App and when you try to use alternative sign ins based on the prompts, no codes are being generated.

We are thus stuck in an infinite verification loop. Our desired solution is for the MFA to be deactivated on one or all of the admin accounts so that we can set up the Authenticator App again for the MFA to work correctly so we can regain access to our accounts. 

Authenticator is not generating codes, sign in on all admin accounts is currently not possible.

Basically need to know if there is workaround for when the Global Admins cant access Azure or AD to solve the problem because Authenticator is not giving us verification codes.

Answer 1

Generally speaking, you should have at least one break-glass account for such scenarios, excluded from MFA and other controls. Otherwise, your only option is to contact Microsoft support and work with them to regain access: https://learn.microsoft.com/en-us/microsoft-365/admin/support-contact-info?view=o365-worldwide

Answer 2

Had a similar problem and I found this step-by-step solution:

Microsoft 365 – Disable MFA on admin account using PowerShell when locked out
https://blog.campodoro.org/?p=2360