![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 30%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
To regain access after losing the phone and Microsoft Authenticator, recovery must be done in two parts: the Microsoft account itself, and then the Authenticator configuration.
- Recover the Microsoft account
- If the password is known but verification codes cannot be received because the phone and Authenticator are lost:
- Start sign-in to the Microsoft account.
- At the “Verify your identity” prompt, choose I don't have any of these.
- Follow the steps to replace the security info. Once replacement is complete, there is a 30‑day wait before normal sign-in is allowed. During those 30 days, if old security info is found and used, the update is cancelled.
- If the password is not known:
- Use the account recovery form described in Help with the Microsoft account recovery form.
- Submit the request via the Recover account link and provide as much accurate information as possible.
- If the password is known but verification codes cannot be received because the phone and Authenticator are lost:
- Handle two-step verification and security info
- If some security info (for example, an email or another phone) is still accessible:
- Sign in to the Advanced security options page using the available method.
- Select Add a new way to sign in or verify and configure a new phone or email.
- After confirming the new method with a code, remove the old phone number or method that is no longer available.
- Avoid changing all security info at once to prevent a 30‑day restriction.
- If some security info (for example, an email or another phone) is still accessible:
- Restore or reconfigure Microsoft Authenticator
- If a backup of Authenticator existed on the old phone (same platform type only: iOS→iOS or Android→Android):
- Install Microsoft Authenticator on the new device.
- On Android, select Restore from backup or Begin recovery before signing in. If already signed in, sign out first as described in How to sign out from Authenticator.
- Sign in with the personal Microsoft account used for the Authenticator backup. Accounts will be restored according to the rules in What account information is restored in Authenticator? (for Microsoft personal accounts, passwordless sign-in requires signing in again; for work/school, only account names are restored).
- For any account showing Sign in to restore your account or Action required, tap it and complete sign-in with password and additional verification.
- If no backup exists or it cannot be accessed:
- Authenticator credentials cannot be recovered by support. The accounts must be added again manually after access to each underlying account is restored. Use the guidance in How to add your accounts to Microsoft Authenticator.
- If a backup of Authenticator existed on the old phone (same platform type only: iOS→iOS or Android→Android):
- If locked out of a work or school tenant as the only admin
- If this is a Microsoft 365 business/education tenant and the only global admin is locked out due to Authenticator loss, the Microsoft Data Protection team must assist:
- Call the appropriate Customer service phone numbers - Microsoft Support line.
- In the IVR, clearly indicate this is an Authenticator issue for Office 365 for business, that it is a company account, and that there is no other administrator.
- Ask to open a service request and escalate to the Data Protection team to reset the admin’s MFA methods.
- If a direct call path is not available, a temporary trial tenant can be created and used to open a support ticket to request Data Protection assistance for the original tenant, as described in the tenant-admin MFA reset guidance.
- If this is a Microsoft 365 business/education tenant and the only global admin is locked out due to Authenticator loss, the Microsoft Data Protection team must assist:
- If unable to restore Authenticator backup account
- If the backup account used for Authenticator itself cannot be accessed, support cannot restore Authenticator data. Use the Microsoft account sign-in helper to regain access to that backup account first, then attempt Authenticator restore again.
Once access to the Microsoft account and any work/school accounts is restored, reconfigure Authenticator on the new phone and add multiple security methods (phone, alternate email, possibly a second device) to avoid being locked out again if a device is lost or broken.
References:
- Troubleshoot Microsoft verification code issues
- Restore account credentials from Microsoft Authenticator
- Back up your accounts in Microsoft Authenticator
- I can't sign in to my Microsoft account
- My username and password have stopped working
- How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A