25,081 questions
To unregister the device,
Open Authenticator app -> hamburger menu -> Settings -> Device Registration -> Unregister device
Passwordless: Unregister a device so that it can be used in another tenant
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 10%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Phillip Baker
46
Reputation points
It is a pre-requisite for passwordless that a device 'be registered' with 'the organization' which presumably means it is added to the user's profile / directly to Azure AD somewhere.
It was not clear from the messaging in the setup flow on Authenticator iOS that it is not currently supported to use passwordless with more than one Microsoft tenant even though this is a constraint that gave rise to a feature request in 2018.
The device is now registered with a tenant, but - having discovered that I can only have it registered to one tenant - not the one I would choose.
I have 'deactivated' phone authentication in the Authenticator app for the tenant it was activated against, but the device still seems to show as already registered with that tenant - if I go into enable phone authentication for the tenant I want it enabled on, it tells me it's already registered elsewhere, and if I go to enable it on the tenant I no longer want it on, there is already a green check mark next to the requirement to register the device.
I can find no documentation explaining where/how these devices are 'registered'. I did notice that the iPhone was showing in AAD devices and have tried deleting the entire device from Azure AD already, to no effect.
Is it just a matter of waiting for the deactivation/deletion to take effect, or are 'passwordless devices' managed somewhere else?
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator
9,253 questions
Accepted answer
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 77%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Svante Hugh 91 Reputation points2021-06-19T01:00:01.253+00:00 -
Phillip Baker 46 Reputation points
2021-09-17T16:41:33.443+00:00 This appears to be it - thanks!
Why you can (currently?) only have your device registered to one tenant at a time, however, (which I guess is why this is an 'app level' rather than 'account level' setting) is completely beyond me. Seems like a totally bone-headed design choice.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 78%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MEP 0 Reputation points2023-01-27T15:33:18.1133333+00:00 When I press the blue unregistered button, nothing happens. The device still seems to be registered to the old account, even after completely removing the app and reinstalling. Any thoughts @Svante Hugh
Sign in to comment -
2 additional answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
VipulSparsh-MSFT 16,311 Reputation points Microsoft Employee2021-03-26T07:53:04.07+00:00 @Phillip Baker It should be a matter of waiting for deactivation as if you remove/delete the device from azure AD Device portal. We remove it permanently from your account.
Do confirm that you are not able to see the device in this portal :
Are you still having issues ?
-
Phillip Baker 46 Reputation points
2021-03-27T04:46:50.797+00:00 Hi @VipulSparsh-MSFT - the device has now been deleted from the azure devices list for over 24 hours, but it still shows in the iOS Authenticator app that it is not possible to activate passwordless login for any other tenant (other than the one I previously activated it on).
I have tried force-quitting and re-opening the authenticator app thinking that might force it to refresh, but that isn't working.
Is it necessary to remove the tenant that was previously activated from the Authenticator app and to re-enroll to get the app to forget this state, perhaps?
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 75%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
OG 1 Reputation point2021-06-08T14:10:55.137+00:00 Hi, I have the exact same issue.
In Authenticator, how do I unregister my phone in one account, so I can use this phone for 'sign-in with phone' function for the other account?