Unable to Log In Due to Microsoft Authenticator App Issue and Need Entra ID for Support. Can you help?

Question

Service: Azure Active Directory (AAD)

Scenario: I'm experiencing login issues with my Azure account due to a problem with the Microsoft Authenticator app. After uninstalling and reinstalling the app to fix an issue, all my added accounts were lost and did not recover. Now, when I try to log in, I am prompted to approve from the Authenticator app after entering my correct password. However, since the app was reinstalled, there are no accounts in it to provide codes or approvals.

Result: I am unable to log in to my admin account, which is crucial for maintaining my daily work. I had turned off SMS and email services this morning, so these options are not useful either.

Environment:

• Admin Account: [Admin account email not included for privacy reasons]

Troubleshooting Efforts:

Reinstalled the Microsoft Authenticator app, but lost all added accounts.

Attempted to log in using the Authenticator app, but no accounts are available to provide approval codes.

Emailed azcommunity@microsoft.com for help, but they requested my Entra ID.

Unable to access the account to retrieve the Entra ID.

Reproducible Steps:

Attempt to log in to Azure with my admin account.

Follow the MFA prompt to use the Microsoft Authenticator app.

Encounter the issue of no available accounts in the app to provide approval.

Additional Information: I need to regain access to my admin account to maintain the flow of my work. All information related to my account, including ID and others, is stored in a document in OneDrive. Since I cannot access my account, I am unable to provide the Entra ID, but I can give the associated email and phone number upon request.

Thanks for your patience. Can anyone help?

Answer 1

Hello @Ashiqur Zaman Arshad,

Thank you for sharing your details over email.

The issue relates to a tenant lockout situation where no other global admin in the tenant has the necessary admin rights to re-register MFA.

To resolve this, we engaged our Data Protection team through a support ticket. Please connect with our support team via the ticket, and they will assist you in resolving the issue.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Answer 2

Update: My problem has been fixed and here is how it was resolved.

How to Escape a Tenant Lockout Situation (with a Dash of Humor)

First off, a massive shoutout to the legends Mr. Pothuraju and Mr. Mohammad from the data protection team. They were my heroes in shining armor!

Step 1: Assemble Your Details and Compose an Epic Email Get your details in order and craft a detailed email to azcommunity@microsoft.com. Include your contact numbers (with country codes), Gmail address, and the alternate email of your admin account. The alternate email is crucial because it will receive verification emails from the data protection team.

Step 2: Swift Response (Faster than Lightning) Surprise! You'll receive a response sooner than you expect. They will ask you to create a Q&A post with a specific tag to get your support ticket. Reply to the email with the link to your Q&A post.

Step 3: Q&A Post and Support Ticket Creation The person handling your email will post an answer in your Q&A post, and you need to accept it. In my case, Mr. Pothuraju provided the answer and also communicated with me via email. After this, a support ticket will be created on your behalf.

Step 4: Await Contact from the Data Protection Team (Patience is Key) Once your support ticket is created, expect a call from the data protection team within 1-2 hours. If not, channel your inner Zen master and patiently wait for the time frame mentioned in your email.

Step 5: Explain Your Situation Like a Pro When someone from the data protection team calls, answer all their questions and explain your situation clearly. Don’t forget to mention your domain name.

Step 6: Verification Email and Response (Time to Shine) After hearing you out, they will send a verification email for the MFA reset request to your alternate email. You need to reply with a specific sentence they will mention in the email.

Step 7: Patience is Key (Again) Once they receive your reply, they need about 24 hours to reset your MFA. They will inform you of the expected completion time. Maintain your professionalism and avoid bombarding them with follow-up emails. Just sit tight and wait.

Once your request is approved, they will call you and you’ll be able to log into your account without MFA.

Key Takeaways:

Always maintain professionalism and patience.

Data protection teams are very helpful and friendly.

The process requires emailing, not phone calls.