![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 38%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Error 50089 indicates a sign-in failure related to multifactor authentication or conditional access, typically when required MFA cannot be successfully completed. In this situation, all admin accounts are effectively locked out because MFA methods were reset and no working method is available.
Because no admin can sign in, this must be treated as an admin lockout scenario.
- Do not keep retrying SMS or Authenticator
- Repeated failed attempts and unusual activity can cause temporary blocks and delays in receiving verification codes or MFA prompts. Waiting and repeatedly trying the same methods can worsen the block.
- If there is another Global Admin in the tenant
- Have that admin sign in and reset MFA for the locked-out admins:
- Go to Microsoft Entra ID in the Azure portal → Users → select the affected admin → Authentication methods → choose Require re-register multifactor authentication.
- The affected admin then signs in again and reconfigures MFA (Authenticator, phone, etc.).
- Have that admin sign in and reset MFA for the locked-out admins:
- If there is only one Global Admin (all admins locked out)
- This is a classic “sole admin locked out by MFA” case. Forum moderators or normal support channels cannot directly change admin MFA.
- Contact Microsoft Data Protection / Customer Support by phone and request an admin MFA reset for the tenant:
- Use the phone numbers listed under Customer service phone numbers - Microsoft Support.
- When navigating the IVR, clearly state:
- The problem is with Authenticator / MFA.
- The product is Office 365 / Microsoft 365 for business.
- It is a company / work account.
- Confirm being an administrator and that there is no other administrator.
- Request to create a service request and be routed to the Data Protection team to regain access and reset admin MFA.
- Be prepared to verify identity and prove admin ownership of the tenant.
- If support cannot be reached from the locked tenant
- As an alternative, create a temporary trial Microsoft 365 tenant:
- Sign up for a trial plan and complete tenant creation.
- In the new tenant’s admin center, open a support ticket.
- In the ticket, clearly state that the issue is with a different existing tenant where the sole admin is locked out by MFA and provide:
- Admin UPN of the locked tenant.
- Tenant domain.
- Error details (including error code 50089 and timestamp).
- Ask to be connected to the Data Protection team to reset MFA for the locked tenant.
- This trial tenant is only a channel to contact support; it does not give access to data in the original tenant.
- As an alternative, create a temporary trial Microsoft 365 tenant:
- After Microsoft resets MFA
- Sign in again to the original tenant.
- Reconfigure MFA methods immediately (Authenticator app on current phone, backup phone/SMS, and possibly additional methods) to avoid future lockouts.
Until Microsoft support/Data Protection resets MFA or restores a working admin, access to email and other services for those admin accounts will remain blocked even if passwords and SMS/call recovery flows appear to work.
References:
- "Account verification system is having trouble" error message when you try to sign in by using a work or school account
- "We didn't receive a response" error message when you try to sign in by using Azure Multi-Factor Authentication
- Common problems with two-step verification for a work or school account
- Can't set up MFA because five devices are already registered to use an authenticator app
- Use a screen reader to set up and troubleshoot multifactor authentication
- I need to reset my mfa methods - Microsoft Q&A
- MFA admin account no longer works - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A