![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 28.999999999999996%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYG%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Because sign-in is blocked by Microsoft Authenticator and there is no working alternative MFA method, the account must be recovered through an administrator or Microsoft support, depending on whether there are other admins in the tenant.
- If there is another Global Administrator in the tenant
- Ask that admin to sign in to the Azure portal → Microsoft Entra ID → Users → select the locked-out account → Authentication methods → Require re-register multifactor authentication.
- After this is done, sign in again; the account will be prompted to set up MFA from scratch on the new phone.
- If there is no other Global Administrator (sole admin scenario)
- This is a tenant lockout. Recovery must be handled by Microsoft’s Data Protection team.
- Call Microsoft’s global customer service phone numbers for business support (see Customer service phone numbers - Microsoft Support in the references).
- When the IVR/bot asks questions, respond along these lines to reach the right team:
- Problem type: “Authenticator” or “lost account / can’t pass MFA”
- Product: “Office 365 for business” / “Microsoft 365 for business”
- Account type: “For companies”
- Are you an administrator?: “Yes”
- Any other administrators?: “No”
- Do you need a service request?: “Yes” (ask to create a ticket with the Data Protection team for tenant admin MFA reset / tenant recovery).
- If the call drops or errors, keep trying periodically; phone support is the only path when locked out as sole admin.
- Workaround if phone support cannot be reached
- Create a temporary trial Microsoft 365 tenant using a different account, as described in the referenced Q&A:
- Sign up for a Microsoft 365 Business/Enterprise trial and complete tenant setup.
- Go to the new tenant’s Microsoft 365 Admin Center → Help & support.
- Open a support ticket requesting contact with the Data Protection team to reset MFA for the original (locked) tenant.
- Provide:
- Admin email address of the locked tenant
- Locked tenant’s domain name
- Error messages and description that MFA (Authenticator) is the only method and is no longer accessible
- Confirmation that this is the only Global Admin account.
- After the issue is resolved and access to the original tenant is restored, cancel the trial subscription on the temporary tenant to avoid charges.
- Create a temporary trial Microsoft 365 tenant using a different account, as described in the referenced Q&A:
Until Microsoft support or another admin resets MFA, the sign-in block cannot be bypassed. The email access on the phone does not replace the need to complete MFA for admin and portal access.
References:
- You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
- Common problems with two-step verification for a work or school account
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- I cant log in to my business account because it is requiring Authenticator app which I do not have - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A