Because two-step verification is enabled and the only configured methods are Microsoft Authenticator and a code sent via the same mechanism, access can only be restored by either:
- Using another existing verification method
  - If any other security info was added previously (another phone number, alternate email, or a different authenticator app/device), use that method to sign in.
  - For personal Microsoft accounts, sign in at the Microsoft account Security page and choose Manage how I sign in → use an alternate method under Ways to prove who you are if one is available.
  - If sign-in succeeds, remove the old Authenticator registration and add the new phone as a fresh method.
- Using the account recovery flow (personal Microsoft account)
  - If two-step verification is turned on, password reset and recovery require two contact methods (for example, a code from an authenticator app and a code sent to a backup email or phone).
  - Follow the steps in How to reset your Microsoft account password (linked from the two-step verification article). When prompted, select the available alternate contact methods (backup email, phone) to receive codes.
  - After regaining access, go to Security → Advanced security options and remove the old Authenticator entry under Ways to prove who you are, then add the new Authenticator app.
- If no alternate method exists and only Authenticator is configured
  - With two-step verification enabled and no other security info, the account cannot be recovered self-service; the password alone is not sufficient.
  - For a work or school (Microsoft 365 business/education) account:
    - Contact the organization’s help desk or Microsoft 365 administrator and ask them to reset the multifactor authentication settings for the account in the Microsoft Entra admin center. After they clear the MFA methods, the next sign-in will prompt to re-register Authenticator on the new phone.
    - If this is the only global admin account in the tenant, the Microsoft Data Protection team must be involved. Use the regional Microsoft customer service phone number and request a service ticket for an admin MFA reset, stating clearly that this is the only administrator account and that access to Authenticator was lost.
  - For a personal Microsoft account with no alternate security info and two-step verification turned on, recovery may not be possible; the documentation warns that access can be permanently lost if both the password and security methods are unavailable.
Going forward, always keep at least two or three different security methods configured (for example, Authenticator on a primary phone, SMS to a mobile number, and an alternate email) so that losing one device does not lock out the account.
References:
- How to go passwordless with your Microsoft account
- How to use two-step verification with your Microsoft account
- Common problems with two-step verification for a work or school account
- Microsoft Authenticator FAQs
- How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A