Tried to change my phone number and I'm MFA looped out. Logging into Authenticator tells me to log into Authenticator.

Question

Single admin locked out MFA - no methods

I'm a shop with one admin user account.

I simply wanted to change my phone number -- Microsoft sent me to 5 different places - I turned off Microsoft security features; I tuned off MFA ahead of time in an effort to NOT get locked out. So, I can't get in at all because logging into Authenticator tells me to log into Authenticator --- and in windows I get forced to a MFA prompt no matter which admin center I go to. I am locked out of my admin console, Azure console... Entra console - locked out of every single console you guy decided to bury MFA and phone number changes. Please help!

I will take responsibility for not having enough alternate methods I suppose. But I'd like to think that several email addresses would be enough - I can't MFA cause your sending to my old phone number -- Whether it's text, call or verify. You give me three ways to MFA all of which require access to my old phone. And this is all after I completely turned off Microsoft security controls. I have access to apps and email apparently - just can't get into any consoles. And still need to change my phone number".

I'm new to Cloud, just got certified. But I'll tell you something, after 30 years of IT Infra engineering and building hundreds of domains from NT4 - 2019 Server - this is by far the most convoluted, confusing self-service Auth I have ever seen in my life! You have people going to 4+ different places to make a single sustainable change for a user. Microsoft need to think more on EUX. I mean 5 changes to a phone number - and still not the right one. After following all documentation, I can find. An old washed-up Infrastructure Engineer like me?

Now that happened to ME... What kind of experience do you think betty down at the flower shop is having with the authentication system?

Answer 1

Because all existing multifactor authentication (MFA) methods point to the old phone and there is only one admin in the tenant, self-service recovery is no longer possible and the account is effectively locked at the tenant-admin level.

For a work or school (Microsoft 365 business) account in this situation, the only supported path is escalation to Microsoft support via the Data Protection team so that admin access and MFA can be reset from the service side:

1. Contact Microsoft support using the regional customer service phone numbers listed under Customer service phone numbers - Microsoft Support.
2. When prompted by the automated system, clearly indicate that the issue is with Authenticator and Office 365 for business / company account, and that this is an admin account lockout due to MFA with no other admins available.
3. Ask specifically for a service request and involvement of the Microsoft Data Protection team to restore access to the locked tenant and reset MFA.
4. Be prepared to provide:
   • The admin username and domain for the locked tenant.
   • Business and tenant details for identity verification.
   • Error messages seen when attempting to sign in.

If the Microsoft 365 subscription was purchased through a partner or reseller and the global admin cannot open a ticket, the reseller’s support organization can open a service request with Microsoft on behalf of the tenant.

Once the Data Protection team verifies identity, they can reset MFA on the admin account so that sign-in works again and new authentication methods (including the new phone number) can be configured.

If this were a non-admin end user in a business tenant, an available admin could instead reset MFA in Microsoft Entra ID by using Require re-register multifactor authentication on the user. However, with a single-admin tenant and that admin locked out, only Microsoft support/Data Protection can perform the necessary reset.

---

References:

• Common problems with two-step verification for a work or school account
• Use a screen reader to set up and troubleshoot multifactor authentication
• Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A
• I need to reset my mfa methods - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Azure has blocked myphone number for SMS verification due to a “bad reputation” flag - Microsoft Q&A

Answer 2

Dear @Herb Holder,

Good day! Welcome to Microsoft Q&A forum!

Based on your description, I understand that you tried to update your phone number and are now stuck in an MFA loop that prevents you from accessing any admin portals. Even though you disabled security features ahead of time, every sign-in still forces MFA to your old phone, leaving you completely locked out of your admin, Azure, and Entra consoles.

I sincerely apologize for the inconvenience caused by this issue.

If you're the only admin, in this situation, the Microsoft Data Protection Team has tools and processes in place to verify identity and regain access to administrator accounts. 

Please note that we have no control over user accounts, especially when it comes to logging in to your account, resetting your password, changing your access, etc. 

Therefore, if you are the only administrator in your organization, then you need to involve Microsoft Data Protection Team. Please try to find the related hotline number to call the frontline let them raise a ticket for you: Customer service phone numbers - Microsoft Support (Scroll down for Business users) 

In some countries, this is an automated conversation: First, when you call the hotline, they will ask you what kind of problem you are struggling with. 

Answer: Authenticator. 

A: What products do you use? 

B: Office 365 for business. 

Verification: Education or company account? 

B: For companies 

A: Are you an administrator? 

B: Yes. 

A: Are there any other administrators in your organization? 

B: No. 

A: I need one.... Service request? 

B: Yes 

(Important Note: Sometimes, you would hear the computer-generated voice at first, please kindly wait for it to end, and if an agent is available, you would be directed to them and get your support. Depending on your country or region, when you call the support number, you may hear an introduction of about 30 seconds such as "You can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.) 

As an alternative, you can create a new tenant account and submit your request from there.    

To set up a new tenant, please follow these steps: 

• Visit Compare Office 365 Enterprise Pricing and Plans | Microsoft 365, choose any plan and click try for free to start a free trial.    
• Follow the guided setup process to create a new account for a new tenant. 

Once your tenant is created, you should be able to access the support portal and submit your ticket referencing your locked account without further issues.

In the ticket's description, you could refer to this message "Hello,

I am currently locked out of my Microsoft 365 tenant because multi-factor authentication is enforced, and I am unable to complete the verification process. I am the only global administrator for this tenant, which means I cannot access my account or the Microsoft 365 Admin Center.

To resolve this, I have created a new tenant and would like to be connected with the Data Protection Team to verify my identity and assist with regaining access. I am available to provide any required documentation or verification to support the recovery process."

Ticket Support: Log in the Microsoft 365 Admin Center using the newly created trial admin account > Support > Help & Support. You can raise support ticket at: https://admin.microsoft.com/#/support/requests   

• After clicking on "Help & Support" button like this image, you can type "I need agent support via phone or email". After that, you can click on "Contact support" 
• Choose contact method: "Phone" 
• Fill all the information in this contact support details, please describe your situation carefully so they will have enough information to help you. 
• Finally, click on "Contact me" As an alternative, you can create a new tenant account and submit your request from there. 
• 
• 
• 
• 
• After completing them, you will receive an email appointment for a meeting to review this issue professionally together. 
• For more details, you could refer to this article: Get support for Microsoft 365 for business 

Please remember to cancel the trial subscription once your issue is resolved to avoid any unintended charges.

Note: After creating the support ticket, please kindly let me know the ticket number so I could also track its process to help you regain access to your account/tenant.

Kindly let me know when there are updates or if you need further assistance. Any updates you’re able to share would be really helpful.

I'm here and happy to help! Thank you for your kindness and patience!

---

If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread.