only Global Administrator Microsoft Authenticator is registered but does not receive push notifications

Question

I am the only Global Administrator using my .onmicrosoft.com account and Microsoft Authenticator is registered but does not receive push notifications for my .onmicrosoft.com admin account diabling me from loggin in as Global Admin.

My bestcase.com.au domain account has no problems but was not set up as an admin effectly preventing me making admin changes.

Answer 1

Please understand that as forum moderators, we do not have the tools or sufficient access to make changes to user accounts, including logging in, resetting passwords, or modifying access rights. For your security, only Microsoft Support can assist with these requests.  

Hello @John,

Thank you for reaching out.

Since you are the only admin, you will need to contact Microsoft’s Data Protection team. This team has the authority and the specific security procedures to verify your identity as the legitimate owner of the account and then reset your MFA settings from their end. Please try to find the related hotline number to call the frontline and let them raise a ticket for you: Customer service phone numbers - Microsoft Support   

Here are some tips and an example of a prompt to help you navigate the IVR more effectively:   

(When you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help)        

In some regions you may initially interact with an automated system, so here is an example of how you can answer the prompts to reach the right team more quickly:   

• What kind of problem are you experiencing?           
• Answer: Authenticator           
• What products do you use?           
• Answer: Office 365 for business           
• Is this for an education or company account?           
• Answer: For companies           
• Are you an administrator?           
• Answer: Yes           
• Are there any other administrators in your organization?           
• Answer: No. I am the only admin in my tenant            
• Do you need a... Service request?            
• Answer: Yes. I need to create a ticket. Please send me direct to the Data Protection Teams.        

During the call, you will be asked to provide information that verifies your identity and proves ownership of the tenant, such as your organization name, billing information, contact email, phone number, or other subscription‑related details.

---

If you are unable to reach support via the phone numbers, there is a workaround you might consider: You can register for a new Microsoft 365 tenant by signing up for a trial subscription here: Microsoft 365 Business Plans and Pricing | Microsoft 365    

Once the new tenant is created, you can access the admin center and submit a support ticket from there, requesting to speak with the Data Protection Team on behalf of your original tenant.    

Important notes:     

• This new trial tenant will not give you access to any of the data or settings in your original locked tenant. It is solely a temporary means to contact Microsoft support.    
• The resolution time might be longer as you are contacting support from a different tenant.    
• Remember to cancel the trial subscription for the new tenant once your issue with the original account is resolved to avoid any unintended charges.  

I hope the information provided helps guide you in the right direction. Although I’m unable to take direct action, I sincerely hope that the steps and recommendations I’ve shared can support you through the process.  

  

Warm regards, 

---

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Because the .onmicrosoft.com Global Administrator account is the only admin and its Microsoft Authenticator push notifications are not working, recovery depends on whether there is any other Global Admin or not.

1. If there is another Global Administrator Since the bestcase.com.au account is not an admin, check whether any other account in the tenant has Global Administrator rights. If such an account exists, that admin can:
   1. Sign in to the Azure portal and open Microsoft Entra ID.
   2. Go to Users → select the .onmicrosoft.com Global Admin account.
   3. Open Authentication methods.
   4. Select Require re-register multifactor authentication.
   5. Sign in again with the .onmicrosoft.com Global Admin; it will prompt to set up MFA from scratch and re‑register Microsoft Authenticator.
2. If the .onmicrosoft.com account is the only Global Administrator When there is no other Global Admin who can reset MFA, the issue becomes a tenant lockout. In this case, only Microsoft Support (Data Protection / Tenant Recovery) can help:
   1. Contact Microsoft Support by phone using the Customer service phone numbers - Microsoft Support page.
   2. In the automated system, clearly indicate:
      • The product: Office 365 / Microsoft 365 for business.
      • That this is a company (work) account.
      • That this is an administrator account.
      • That there is no other administrator in the organization.
      • That help is needed to reset or clear MFA for the tenant admin.
   3. Ask to open a service request and be routed to the Data Protection team (or Tenant Recovery). They have processes to verify identity and ownership of the tenant and can reset the MFA registration for the locked Global Admin.
   If reaching a live agent is difficult, an alternative is to:
   1. Create a new temporary Microsoft 365 trial tenant.
   2. Sign in to the new tenant’s admin center.
   3. Open Support → Help & support.
   4. Create a support ticket explaining that access is needed to a different existing tenant where the .onmicrosoft.com account is the only Global Admin and is locked out due to Microsoft Authenticator not working.
   5. Provide the locked tenant’s domain and admin UPN and request escalation to the Data Protection team.

Once Microsoft Support/Data Protection verifies ownership, they can reset the MFA methods for the .onmicrosoft.com Global Admin so that Microsoft Authenticator can be re‑registered and admin access restored.

---

References:

• Troubleshoot problems with Microsoft Authenticator
• Microsoft Authenticator FAQs
• How to add your accounts to Microsoft Authenticator
• Admin account security in Microsoft 365 for business
• Global Admin Locked out - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• I need to reset my mfa methods - Microsoft Q&A