![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 63%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEU%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Two-factor authentication (MFA) itself can’t be turned off by support or by the Authenticator app; it must be changed or reset through the account’s security/MFA settings or by an administrator, depending on the account type.
Given the situation (new phone, lost Authenticator backups, no codes on the new device), the options are:
- If this is a work or school (Microsoft Entra ID) account and there is another admin
- Ask an administrator in the organization to reset the MFA settings:
- Admin signs in to the Microsoft Entra admin center.
- Go to Users → select the affected user.
- Open Authentication methods.
- Select Require re-register multifactor authentication.
- After this, sign in again and reconfigure the Microsoft Authenticator app on the new phone.
- Ask an administrator in the organization to reset the MFA settings:
- If this is a work or school account and you are the only admin
- MFA cannot simply be disabled from your side because you are locked out.
- The Microsoft Data Protection team must reset your MFA after verifying identity. Use the regional Customer service phone numbers - Microsoft Support and request a ticket with the Data Protection team, stating that you are the only administrator and have lost access to the Authenticator app.
- If this is a personal Microsoft account
- If still signed in on a trusted device (for example, Windows PC or browser), go to the account security page and either:
- Remove the old Authenticator registration and add a new one on the new phone, or
- If using passwordless sign-in, turn it off and reconfigure MFA methods.
- If completely locked out and no other methods (SMS, email) work, use the account recovery flow (for example, I don’t have any of these when prompted for security info) and follow the prompts to regain access, then update/remove the old Authenticator method.
- If still signed in on a trusted device (for example, Windows PC or browser), go to the account security page and either:
- If there are other verification methods configured (SMS, phone call, backup email)
- Use one of those methods to sign in.
- Once signed in, go to your security info page (for work/school: https://aka.ms/mysecurityinfo) and:
- Delete the existing Authenticator app sign-in method tied to the old device.
- Add the Authenticator app again from the new device.
- If passwordless is enabled and you try to delete the Authenticator method, first add another two-factor method (SMS/phone call) so it can be used to authorize the deletion.
- If no alternative method works and you are not an admin
- Contact the organization’s IT/admin and ask them to reset your MFA as described above. End users cannot disable MFA themselves when it is enforced by policy.
Disabling MFA entirely is usually only possible by an administrator changing the tenant’s security/MFA policy or, for personal accounts, by turning off two-step verification/passwordless after successfully signing in. In a locked-out scenario, the practical path is an MFA reset (and then re-registering Authenticator), not a direct “turn off” from the app.
References:
- Frequently asked questions about Microsoft Entra multifactor authentication
- Can't set up MFA because five devices are already registered to use an authenticator app
- Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
- How to go passwordless with your Microsoft account
- Common problems with two-step verification for a work or school account
- Microsoft Authenticator FAQs
- Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Microsoft Authenticator app doesn't show 6-digit OTP code - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- GroupMe two-step verification FAQ