Locked out of Microsoft 365 as sole global admin – MFA reset needed

Question

I am the sole global admin of my Microsoft 365 tenant and I am completely locked out because I no longer have access to my Microsoft Authenticator app. I cannot log in to my business email at all.

I need a manual MFA reset to regain access. I am the original creator of this tenant and domain and can provide proof of ownership, including domain registration, billing info, or other required verification.

Please escalate this to a Microsoft 365 support engineer who can manually reset MFA, as I cannot access the automated or phone support options.

---

Moved from: Microsoft Security | Microsoft Authenticator

Answer 1

Dear @Silverio Onorato,

I’m really sorry to hear about the trouble you’re experiencing signing in to your Microsoft 365 tenant.

Please understand that this is a user‑to‑user support forum, and I don’t have the ability to access accounts, reset MFA, escalate cases internally, or act on your behalf with Microsoft Support. For security and privacy reasons, those actions can only be handled by Microsoft’s official support teams.

Based on your description, this is a tenant lockout scenario involving the only Global Administrator, the correct and required path is to involve Microsoft’s Data Protection team. They are the only team authorized to manually reset MFA after verifying tenant ownership.

I kindly recommend that you try contacting Microsoft Support one more time, following the guidance below, which has helped other customers in similar situations:

Please try to find the related hotline number to call the frontline let them raise a ticket for you: Customer service phone numbers - Microsoft Support 

In some countries, this is an automated conversation: First, when you call the hotline, they will ask you what kind of problem you are struggling with. 

Answer: Authenticator. 

A: What products do you use? 

B: Office 365 for business. 

Verification: Education or company account? 

B: For companies 

A: Are you an administrator? 

B: Yes. 

A: Are there any other administrators in your organization? 

B: No. 

A: I need one.... Service request? 

B: Yes 

  If your organization's Office 365 Business subscription is from a partner or reseller, contact the reseller's support provider to help open a service request on behalf of you instead. 

 

If you still cannot reach to agent, there is still a workaround, you might consider registering for a new tenant by signing up for a trial subscription via this link Compare All Microsoft 365 Plans | Microsoft. This would allow you to create a new tenant following the provided prompts. Once set up, you can access the admin console of the new tenant and submit a support ticket requesting to speak with the Data Protection team on behalf of your previous tenant.  

Please remember to cancel the trial subscription once your issue is resolved to avoid any unintended charges.  

I understand that this entire process can feel long and complicated, and I truly appreciate your patience while working through it. These steps are in place to protect the security of your account, so I hope you can understand why they are required. I sincerely hope you’ll be able to regain access to your account soon. If you need help at any point, or if you have any questions during the process, please feel free to reach out, I’m always here and happy to assist.  

Thank you again for your understanding and patience.

Warm regards, 

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.   

Answer 2

A manual MFA reset for a sole global admin can only be performed by Microsoft’s Data Protection / Tenant Recovery teams after identity and tenant ownership are verified. Community, forums, or tools here cannot directly escalate or perform the reset.

To regain access as the only global admin, use one of these supported paths:

1. Contact Microsoft Data Protection / Tenant Recovery by phone
   This is the primary and supported method when the only global admin is locked out due to MFA:
   • Call Microsoft global customer service using the regional numbers listed at Customer service phone numbers - Microsoft Support.
   • When navigating the IVR, clearly indicate:
     • The issue is with Authenticator / MFA.
     • The product is Office 365 for business / Microsoft 365 for business.
     • It is a company account (not personal).
     • Confirm being an administrator and that there are no other administrators.
     • Request creation of a service request and ask to be routed to the Microsoft 365 Data Protection team or Data Protection / Tenant Recovery for an admin MFA reset / tenant lockout.
   • Be prepared to provide proof of ownership (domain, billing, registration, etc.) as requested.
2. If phone routing fails, create a temporary trial tenant to open a support ticket
   If support cannot be reached or properly routed from the locked tenant:
   • Sign up for a new Microsoft 365 trial tenant (a separate environment).
   • Sign in to the Microsoft 365 Admin Center of this new tenant.
   • Go to Support → Help & support and open a ticket.
   • In the ticket, clearly state that:
     • There is an existing tenant (csospecialized.com) where you are the sole global admin.
     • You are locked out due to MFA (lost access to Microsoft Authenticator and no other methods).
     • You need the Data Protection team to perform MFA reset / admin recovery on the original tenant.
     • Provide the locked tenant’s admin UPN, domain, and any error messages.
   • This trial tenant is only a channel to reach support; it will not give access to the locked tenant’s data.
3. If your subscription is through a partner (CSP)
   If a Microsoft partner or CSP manages the tenant:
   • Contact the partner and ask them to open a Data Protection / tenant lockout ticket with Microsoft on your behalf.

Key points based on Microsoft guidance:

• When there is another global admin, that admin can use “Require re-register multifactor authentication” in Microsoft Entra ID to reset MFA. In your case, being the only global admin, this is not possible, so Data Protection must handle it.
• Microsoft for Nonprofits, forums, or community moderators cannot bypass identity verification or directly grant access; all tenant access decisions and MFA resets for locked-out sole admins go through Microsoft 365 support / Data Protection.

Follow one of the above support paths, explicitly request the Data Protection team, and be ready with domain and billing proof so they can verify ownership and reset your MFA registration.

---

References:

• Tenant access recovery
• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• Preventing tenant lockouts
• Troubleshoot sign-in issues and account access problems
• Global Admin Locked out - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• I need to reset my mfa methods - Microsoft Q&A