Because access to the Azure portal is blocked by MFA and there is no alternative method (SMS/email) configured, and you are the only Global Administrator, this is a tenant lockout scenario that must be handled by Microsoft’s Data Protection / Identity team via a support ticket.
From the documented and Q&A patterns for similar cases, the path is:
- If there is another Global Administrator in the tenant
  - That admin signs in to the Azure portal.
  - Goes to Microsoft Entra ID → Users → your user account → Authentication methods.
  - Selects Require re-register multifactor authentication.
  - Next time you sign in to Azure, you will be prompted to set up MFA again on a new device.
- If you are the only Global Administrator (your case)
  - This must be escalated to Microsoft’s Data Protection / Tenant Recovery team through a support request.
  - Forum moderators and community cannot reset MFA or access your account; only Microsoft support can do this after verifying identity and tenant ownership.
  - Call Microsoft support using the regional customer service phone number and clearly state that:
    - This is an Authenticator / MFA lockout issue.
    - The account is for Office 365/Azure for business.
    - It is a company/organization account.
    - You are the only Global Administrator and are locked out due to lost authenticator and no other MFA methods.
  - Request a service request and escalation to the Data Protection / Identity team to reset MFA registration for the admin account.
  - If direct phone support is difficult to reach, one documented workaround is:
    - Create a new, temporary Microsoft 365 trial tenant (separate from your locked tenant).
    - Sign in to the Microsoft 365 Admin Center of this new tenant.
    - Go to Support → Help & support and open a support ticket.
    - In the ticket, clearly explain that:
      - You are locked out of a different, existing Azure/M365 tenant where you are the only Global Admin.
      - Provide the admin UPN, tenant domain, and error/MFA details.
      - Ask for escalation to the Data Protection / Tenant Recovery / Identity Protection team to reset MFA for that admin account.
    - After the original tenant issue is resolved, cancel the trial subscription for the temporary tenant to avoid charges.
Once the Data Protection/Identity team verifies your identity and ownership, they can clear or reset the MFA registration, after which you can sign in again and register a new authenticator device.
References:
- I need to reset my mfa methods - Microsoft Q&A
- Global Admin Locked out - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
- Use a screen reader to set up and troubleshoot multifactor authentication
- Common problems with two-step verification for a work or school account
- Troubleshoot Azure Multi-Factor Authentication issues
- You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication