![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 75%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
As an admin, use these steps and checks to resolve not receiving MFA verification codes and the change from phone/SMS to app-based MFA:
- Try other verification options (if available)
On the sign-in MFA prompt, select Other verification options or Sign in another way and:- Choose a different method (for example, SMS, phone call, or another registered method) if it is still configured.
- Make sure the phone numbers shown are correct.
- Check if the account is blocked for MFA or sign-in
Ask another global admin in the tenant to:- Go to the Azure portal → Microsoft Entra ID.
- Go to Users → select the admin account that has the problem.
- Verify Block sign in is Disabled. If it is enabled, disable it and save.
This resolves cases where the user is blocked and therefore not receiving MFA codes.
- Avoid repeated or excessive code requests
Repeated sign-in attempts and repeated code requests can trigger protection and cause:- Temporary blocking of code delivery.
- Delays in SMS or call delivery, especially from regions with heavy compromised traffic.
If many attempts were made, wait for a period of time before trying again, or use a different MFA method.
- Check SMS/phone delivery issues
If using SMS/phone:- Ensure the phone doesn’t block texts/calls from unknown numbers.
- Confirm the phone number is a mobile number, not VOIP.
- Check that the SMS inbox is not full and that the messaging app is working properly.
- If using a third‑party security app, temporarily disable it and request a new code.
Users should attempt up to five times in 5 minutes to get a call or text; if this still fails, open a support case.
- Update or add a new phone number (if you can sign in at least once)
If sign-in is possible via any method, update security info so codes go to the correct number:- Go to the Security info / Additional security verification page (for example via View account → Update info from office.com).
- Remove the old phone number.
- Add the new phone number as a sign-in method and complete verification.
- If MFA has been moved to Microsoft Authenticator
If the organization has switched from SMS/phone to app-based MFA:- Sign in using any working method (SMS, call, or backup method) once.
- Go to the Security info page and add Microsoft Authenticator as a method.
- Complete the registration by scanning the QR code with the app.
If the app is already required and SMS no longer works, another admin can reset MFA as below.
- Have another admin reset MFA settings for the account
If another cloud/global admin exists, that admin can:- Sign in to the cloud service portal as admin.
- Go to the MFA user management page (for example
.../multifactorverification.aspx). - Select the affected admin account.
- Choose Manage user settings.
- Select Require selected users to provide contact methods again, then Save.
Next sign-in will force re-registration of MFA methods (Authenticator app, phone, etc.).
- If there is no other admin and you are locked out
If the affected account is the only global admin and cannot pass MFA at all:- Contact Microsoft’s Data Protection team via the regional Customer service phone numbers - Microsoft Support.
- Clearly state that this is a tenant admin MFA lockout and that there is no other admin.
The Data Protection team can verify identity and reset MFA from the service side.
- If repeated attempts cause “I can’t sign in after multiple attempts” behavior
When multiple failed attempts are detected, Microsoft Entra MFA may temporarily block further attempts. In that case:- Wait before trying again.
- Use a different MFA method if one is configured.
- If malicious activity is suspected, have an admin review Microsoft Entra sign-in logs.
These steps allow an admin to either restore SMS/phone-based MFA, complete the move to app-based MFA, or have MFA reset so new methods can be configured.
References:
- You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
- Common problems with two-step verification for a work or school account
- Frequently asked questions about Microsoft Entra multifactor authentication
- Use a screen reader to set up and troubleshoot multifactor authentication
- Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes