Share via

reset authenticator app

Bruce 0 Reputation points
2026-01-25T10:10:20.4233333+00:00

I have a user I am trying to assist access her MS account for the first time. She is stuck in an authenticator security loop - she cannot access the account without use of the authenticator app but the authenticator app is not set up.

Can i change the settings for thsi user to not require authentication at all, so she can access her apps, then after it is all set up, she can set up the authenticator app as required.

We have been trying to rest the authentication but it asks for two questions to b eanswered, one is backup email which works fine but the other uses her phone number in NZ for either a call or text. The phone number is correct but not being recognised as correct.

Microsoft 365 and Office | Subscription, account, billing | For business | MacOS
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gabriel-N 18,710 Reputation points Microsoft External Staff Moderator
    2026-01-25T13:00:44.33+00:00

    Dear Bruce

    Thank you for posting in the Q&A forum.

    Based on your description (the user is prompted for Microsoft Authenticator but cannot sign in to complete enrollment), a way to break this loop is to issue the user a Temporary Access Pass (TAP). TAP is a time-limited passcode that can be configured for single use or multiple sign-ins, and it is intended to help users gain temporary access so they can register strong authentication methods such as Microsoft Authenticator. Configure Temporary Access Pass to register passwordless authentication methods

    Once TAP is enabled and a Temporary Access Pass (TAP) has been issued for the user, share the TAP with them through a secure channel. The user can then sign in using the TAP and navigate to Security info (My Account) to register the Microsoft Authenticator app. After registration is complete, the user should be able to sign in normally with MFA enabled.

    If the account still appears stuck due to an incomplete or outdated MFA registration, you may also select Require re-register multifactor authentication for the user to force a clean MFA re-enrollment on the next sign-in. This option is covered under user authentication management here: Manage user authentication options

    Regarding the NZ phone number being “correct but not recognized”, please ensure the number is entered in the proper international (E.164) format, typically +64, and the leading 0 is removed (e.g., +6421xxxxxxx). If SMS or voice verification continues to fail, it is reasonable to bypass phone-based methods.

    You can also add or update the user’s phone number directly under the user’s Authentication methods in Entra ID (this is the verification data used by the system). After updating, re‑test the sign-in process. For reference: Add or change authentication methods for a user

    I hope this information helps. If you have any further questions, please feel free to ask.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.