Big issues with Microsoft

Question

I am posting this because I want to see if others have faced anything similar.

I was locked out of my Microsoft 365 for Business Admin account. When I tried to log back in it asked for a code from my authenticator app. The authenticator app is also logged out and when I tried logging in it asked for the code from my authenticator app, which I was logged out from. The same with iphone and ipad apps.

I rang support and after four hours (yes 4) and after a chat bot cut me off many times, I got through to a real person. They gave me a case number and as I missed one call, I am waiting to hear back.

I tried using the odd .onmicrosoft.com email address and no luck. I also found I have duplicate .onmicrosoft.com emails.

To top it off, my business email is the back up for my personal family 365 account and whenever I try to log on it logs onto to my family email.

This so confusing and has now cost me time and money for my business.

Has anyone else had a similar experience. I find it so frustrating that there is no support email.

Answer 1

The lockout and looping back to Microsoft Authenticator is a known type of issue when:

• The only MFA method registered is Microsoft Authenticator, and
• The device/app is signed out, reset, or replaced, and
• There is no second admin who can reset MFA.

In this situation, normal self-service recovery (codes, alternate methods) often fails, and support has to involve the Microsoft Data Protection / Tenant Recovery team to verify identity and reset MFA for the global admin.

From similar cases:

1. If there is another global admin in the tenant
   • That admin can sign in to the Azure portal → Microsoft Entra ID → Users → select the locked-out account → Authentication methods → Require re-register multifactor authentication.
   • After this, the locked-out admin signs in again and is prompted to set up MFA (Authenticator, phone, etc.) from scratch.
2. If there is only one global admin (the locked-out account)
   • Frontline support must escalate to the Data Protection team. They have specific tools and processes to verify identity and reset access for the sole admin.
   • When calling the support number, clearly state that this is a tenant admin MFA lockout, that this is a business/Office 365 for business account, and that there is no other global admin.
   • In some regions the phone system is automated; responses like “Authenticator”, “Office 365 for business”, “company account”, “yes, I’m the administrator”, “no, there is no other administrator”, and “yes, I need a service request” help route to the right team.
3. If support is hard to reach
   • One documented workaround is to create a temporary trial tenant (e.g., a Microsoft 365 Business/Enterprise trial), then use that new tenant’s admin center to open a support ticket.
   • In that ticket, specify that the problem is with a different existing tenant where the only global admin is locked out due to MFA/Authenticator and cannot open a ticket from that tenant.
   • Provide: the locked tenant’s domain, the admin UPN, error messages, and that MFA is stuck on Authenticator only.
4. About verification codes and blocks
   • Repeated sign-in attempts and unusual activity can trigger temporary blocks or “try another verification method” messages. In those cases, guidance is to:
     • Try another verification method if available (alternate email/phone).
     • Try another network (switch Wi‑Fi/cellular).
     • Wait (up to 24 hours or longer) without repeated attempts, as repeated retries can reset the time lock.
5. About the personal vs business account confusion
   • When a work account is used as backup for a personal Microsoft account, browsers often auto-sign in to one account and sign out of the other. To get codes from one while signing in to the other, use InPrivate/Incognito windows so both sessions can be open at once.

Given the description (only admin, Authenticator-only MFA, business tenant), the practical path is:

1. Continue with the existing support case and explicitly request escalation to the Data Protection / Tenant Recovery team for an admin MFA reset.
2. If that stalls, use the trial-tenant method to open a new support ticket from an admin portal and again request Data Protection involvement.

Once MFA is reset and access is restored, it is important to:

• Add at least one more MFA method (phone, alternate email, security key).
• Add a second global admin account so that one admin can recover the other in future.

---

References:

• Troubleshoot Microsoft verification code issues
• Common problems with two-step verification for a work or school account
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Global Admin Locked out - Microsoft Q&A
• I need to speak with a real person and it seems impossible. - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A