I can't get my authenticator recovered.

michelle mcgillvary 0 Reputation points
2024-05-09T23:38:07.25+00:00

I feel so stupid. I was extremely frantic because of what was going on. I had to change my phone number and I had to delete my main Hotmail address and now I can't log into my accounts and I can't recover my authenticator. I'm literally in tears. Can anyone reset my multifactor authentication settings??

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,646 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Q&A Assist
    2024-05-09T23:38:07.2666667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    I'm sorry to hear that you're having trouble recovering your authenticator after changing your phone number and deleting your main Hotmail address. In this situation, you will need to ask another cloud services admin to reset your Multi-Factor Authentication settings. They can follow the steps outlined in the "Resolution" section of the article "Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes" to reset your settings. Once your settings have been reset, you should be able to set up your authenticator again with your new phone number. I hope this helps!


    References:

    0 comments No comments

  2. Sandeep G-MSFT 15,086 Reputation points Microsoft Employee
    2024-05-14T06:17:48.4266667+00:00

    @michelle mcgillvary

    Thank you for posting this in Microsoft Q&A.

    In this situation you have only couple of options.

    If you have multiple admin in your tenant then you can try to follow below steps,

    You can re-register for MFA.

    To perform this there is no option where you can reset your MFA by your own. You will have to contact Azure AD administrator in your organization to get MFA reset for your account.

    If you don’t know who are the admins then you can follow below steps to know who are the admin in your tenant. There is a PowerShell way to find global admin in your Azure AD. However, to use PowerShell as well you will have to authenticate yourself first. For authentication again it will prompt for MFA to be completed.

    I would suggest you ask one of your colleague to perform below steps and share the global admin details with you so that you can contact admin and get your MFA registerd.

    • Open Windows PowerShell as administrator.

    • Run command “Install-Module azuread”

    • Once installed you can run command “Connect-AzureAD” and enter user credentials once it asks for.

    • Once you login, you can run command “Get-AzureADDirectoryRole”.

    • From the output you can copy the object ID of Global administrator

    • Run command “Get-AzureADDirectoryRoleMember -ObjectId "Paste the object ID of global admin that was copied earlier"

    • You will get the list of users with global admin role assigned.

     

    Now you can contact any global admin from the list and ask him to perform below steps to reset your MFA so that you can re-register for authenticator app.

    • Admin has to login to Azure portal and access Azure active directory.

    • Once done they have to go to users blade on the left.

    • Click on Authentication methods and click on “Require re-register multifactor authentication”.

    • Now when you try to login to Azure services it will prompt you to register for MFA again.

    If you are the only global admin on the account and are blocked entirely, then only option is you can reach out to our support team. You can look into below article to get support numbers depending on your country.

    https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

    or creating a ticket through a different account:  https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support

    Create a ticket with Microsoft support team. Give them the tenant ID which is locked out in your description. Tell them that no admin account has access anymore and your partners also have no access anymore.

    Once you create a ticket with support team you will have to work with our data protection team. You will have to first prove your identity against your tenant for security purpose. Post that this team will help you with help you in getting access to your tenant or unlock your account depending on your scenario.

    Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Problems with two-step verification for Azure B2C accounts - Microsoft Q&A

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.