How do I reset MFA

Question

I am locked out of my Microsoft 365 Business account due to MFA. I am the only Global Administrator and cannot access my tenant or support portal. I need MFA reset on my admin account. How do i do this, who do i approach?

Answer 1

Because multifactor authentication is blocking access and there is no other Global Administrator in the tenant, MFA cannot be reset self-service. Recovery must go through Microsoft support (Data Protection / Tenant Recovery).

Use these steps:

1. Try any alternative sign-in methods first
   • If any other MFA method was configured (SMS, voice call, alternate authenticator, hardware token), use Other verification options on the sign-in screen and try those methods.
   • If another admin exists in the tenant, that admin can reset MFA for the locked-out account by using Require re-register multifactor authentication in the Microsoft Entra admin center, as described in the Q&A guidance.
2. If you are truly the only Global Administrator and cannot pass MFA
   • You must work with Microsoft’s Data Protection/Tenant Recovery team via support. Frontline support or forum moderators cannot directly change your MFA settings.
3. Contact Microsoft by phone (primary path)
   • Call Microsoft global customer service using the phone numbers listed under Customer service phone numbers - Microsoft Support / Find Microsoft 365 for business support phone numbers by country or region in the context.
   • When the IVR asks what the problem is, clearly state that this is an Office 365/Microsoft 365 for business account, that you are the only Global Administrator, and that you are locked out due to MFA with no other methods.
   • Explicitly request creation of a service request with the Data Protection team (sometimes called Tenant Recovery) to reset the authentication methods for the tenant’s only Global Administrator.
4. If phone support is hard to reach
   • As an alternative, create a temporary trial Microsoft 365 tenant (with a different domain) and use that tenant’s admin center to open a support ticket.
   • In that ticket, explain that the request is on behalf of your original tenant, that you are the only Global Administrator there, and that you need Data Protection to reset MFA on the original tenant’s admin account.
5. After Data Protection verifies ownership
   • The Data Protection team will contact you (email/phone) and perform verification steps.
   • Once they reset MFA/clear methods, sign in again; you will be prompted to re-register MFA (Authenticator, phone, etc.).
   • Configure at least two MFA methods (for example, Authenticator app plus phone) to avoid future lockouts.

If at any point another Global Administrator is identified in the tenant, that admin can:

1. Sign in to the Microsoft Entra admin center.
2. Go to Users > All users, select the locked-out admin account.
3. Open Authentication methods.
4. Select Require re-register multifactor authentication so the account can set up MFA again at next sign-in.

---

References:

• Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• Common problems with two-step verification for a work or school account
• Preventing tenant lockouts
• Reset passwords in Microsoft 365 for business
• I need to reset my mfa methods - Microsoft Q&A
• Global Admin Locked out - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A
• Find the administrator for your work or school account
• All about passwords