Lost Microsoft Authenticator device – cannot access Microsoft 365 Developer E5 admin account (MFA required)

Question

I am using a Microsoft 365 Developer E5 sandbox tenant.

I lost my phone which had the Microsoft Authenticator app installed.

Now when I try to sign in, it always asks for a code from Microsoft Authenticator (TOTP), and I have no other verification methods configured (no SMS, no backup email, no second admin account).

I still have access to the original registration email for the developer program.

I have already tried:

• Signing in via portal.office.com
• Azure Portal
• Azure CLI (az login)
• “Sign in another way” options

But all methods require MFA code from the lost device.

Is there any way to:

1. Reset or bypass MFA for this admin account?
2. Recover access without losing the entire tenant?
3. Use developer program access to regain control?

Or is contacting Microsoft support the only solution in this case?

Any help would be greatly appreciated.

Answer 1

Hi @Thái Nguyễn

From the details you described, I understand that you have lost the phone hosting your Microsoft Authenticator app and are now locked out of your sole admin account for your Developer E5 tenant. You do not have any alternate verification methods configured, and you are wondering if there is a way to bypass this or if contacting support is the only path forward to recover access without losing the tenant.

In this situation, there are two official paths you can take to regain access to the tenant:

1.Please visit the following page and reach out to phone number via: Customer service phone numbers - Microsoft Support

From what I know, you will need to get past the initial AI system to reach the live support team. You can refer to the guide below for tips on how to get through more easily:

2.If method 1 is not working, please follow this link to create a trial tenant: https://www.microsoft.com/en-us/microsoft-365/business/microsoft-365-business-basic?msockid=3eb6980b5c6860e63a588d0c5d1761d6 - after that you will be able to access to Microsoft 365 Admin Center to raise the ticket

Assuming that you have already created an account after registering a free trial and you can go to Microsoft 365 admin center and click "Help & support" icon to raise your ticket. The agent will be able to create a ticket for you under the affected tenant and then transfer this ticket to Data Protection team who could help you to regain access.     

Please mention that you are raising ticket on behalf of the affected tenant that you do not have access to. The support team will help you to create ticket on the affected tenant then later on the Microsoft Data Protection team will assist you.

Note: This process will take more time than usual (7-14 working days) for your account to get access again as Data Protection is always overwhelmed with the number of tickets. As I am forum moderator, I do not have access to Microsoft internal system to assist or push this process to be quicker.

On the other hand, if you do create the trial and it resolves the issue, please remember to cancel the subscription afterward to avoid any related charges. 

I hope my information is helpful. Please give me any updates once you get this resolved.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

For a Microsoft 365 Developer E5 tenant where the only configured MFA method is Microsoft Authenticator on a lost device, there is no self-service way to bypass or reset MFA if there are no other verification methods and no second admin.

The supported options in this situation are:

1. If there is any other security info still accessible (not your case)
   • For personal Microsoft accounts, security info can be changed from Advanced security options if at least one method still works, and old methods can then be removed.
   • For work/school accounts, another global admin can reset MFA by requiring re-registration of multifactor authentication for the locked-out user in Microsoft Entra ID.
   • In the described scenario, there is no other method and no second admin, so these options do not apply.
2. If all security info/MFA methods are lost and there is no other admin
   • For work/school tenants where the only global admin is locked out and cannot complete MFA, the documented path is to involve Microsoft’s Data Protection / Tenant Recovery team via Microsoft Support.
   • Forum moderators and normal support channels cannot directly change MFA or account details; only the Data Protection team can, after verifying identity and tenant ownership.
3. Practical recovery path for a sole admin (applies to business/Dev tenants)
   • Call Microsoft’s global customer service phone line and request a service ticket specifically for Authenticator / MFA lockout for the only tenant admin. Use the automated prompts to reach a live agent and ask for escalation to the Data Protection team for tenant admin MFA reset. Example flow from the context:
     • Problem: “Authenticator”
     • Product: “Office 365 for business”
     • Account type: “For companies”
     • Are you an administrator?: “Yes”
     • Any other administrators?: “No”
     • Need a service request?: “Yes – need Data Protection team to reset admin MFA.”
   • Be prepared to prove ownership (admin UPN, tenant domain, contact details, etc.). The Data Protection engineer can then reset MFA registration for the admin so that MFA can be set up again on a new device and additional methods (SMS, alternate email, second admin) can be added.
   • If reaching a live agent is difficult, one documented workaround is to create a separate, temporary trial tenant, use it to access the admin center, and open a support ticket from there explicitly about being locked out of a different existing tenant as the only admin. Support can then route the case to Data Protection for the locked tenant.
4. Impact on the tenant
   • The Data Protection / Tenant Recovery process is designed to restore access without deleting or resetting the tenant. The goal is to reset MFA for the admin account, not to remove the tenant.
5. Using Developer Program access
   • Having the original Microsoft 365 Developer Program registration email helps prove identity, but it does not provide a separate self-service MFA reset path. It is supporting evidence when working with Microsoft Support/Data Protection.

Given the constraints described (only one admin, only Authenticator configured, device lost, no other methods), contacting Microsoft Support and having the case escalated to the Data Protection team is the only supported way to regain access without losing the tenant.

---

References:

• Troubleshoot Microsoft verification code issues
• Common problems with two-step verification for a work or school account
• Microsoft Authenticator FAQs
• How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
• Global Admin Locked out - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• Microsoft Authenticator app doesn't show 6-digit OTP code - Microsoft Q&A
• How to go passwordless with your Microsoft account