![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 97%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
To reset Multifactor Authentication (MFA) when there is no access to Microsoft Authenticator and no codes, another administrator or support must reset the MFA registration so new methods can be configured.
Use the appropriate option based on the account type and role:
- If this is a work or school account and there is another admin
- Ask an Authentication Administrator or Global Administrator in the tenant to:
- Go to the Microsoft Entra admin center: https://entra.microsoft.com
- Navigate to Entra ID → Users → select the affected user.
- Open Authentication methods.
- Select Require re-register multifactor authentication.
- After this, sign in again; the account will be prompted to set up MFA from scratch (new Authenticator app, phone, etc.).
- Ask an Authentication Administrator or Global Administrator in the tenant to:
- If this is a work or school account and there is no other admin (only admin is locked out)
- This is a tenant admin lockout scenario. The MFA methods cannot be reset from the portal.
- Contact Microsoft support (Data Protection / Tenant Recovery) by phone using the regional number listed under “Customer service phone numbers - Microsoft Support” and request MFA reset for the tenant admin, explaining that this is the only administrator and there is no access to Authenticator or codes.
- If this is a user (non-admin) in a work or school tenant
- Contact the organization’s IT/admin team and ask them to reset MFA as in step 1 (Require re-register multifactor authentication).
- If the account has other sign-in methods configured
- If any alternative method (phone call, SMS, other app) is available, use it to sign in and then update security info at https://aka.ms/mysecurityinfo or https://aka.ms/security-info to add a new Authenticator registration and/or phone methods.
Once MFA is reset and access is restored, ensure at least one additional method (such as phone or email, depending on policy) is configured so that loss of the Authenticator app does not cause lockout again.
References:
- Manage user authentication methods for Microsoft Entra multifactor authentication
- How it works: Microsoft Entra self-service password reset
- Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
- Can't set up MFA because five devices are already registered to use an authenticator app
- Reset-EntraStrongAuthenticationMethodByUpn
- Reset-EntraBetaStrongAuthenticationMethodByUpn
- I need to reset my mfa methods - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Global Admin Locked out - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Microsoft Authenticator app doesn't show 6-digit OTP code - Microsoft Q&A