URGENT: Cannot access Global Admin account – MFA device unavailable

65444053 0 Reputation points
2026-03-29T12:44:50.39+00:00

Dear Microsoft Support / Community,

I am writing to ask for guidance on how to regain access to my Microsoft 365 tenant as a single Global Administrator who is currently locked out due to MFA on a lost/replaced iPhone.

I am the only Global Administrator for my tenant, and my admin account is protected with Microsoft Authenticator (MFA) on my iPhone. Recently, I sent my iPhone for repair and I have been informed that it will be replaced with a new device. The Microsoft Authenticator app and all related certificates are installed only on the old iPhone.

Because of this, I am currently unable to complete the MFA step for my admin account and I am effectively locked out of the Microsoft 365 Admin Center. There is no secondary admin account in my tenant, so I cannot use another admin to reset my MFA.

I would like to know what is the correct procedure to reset the MFA settings for my global admin account so that I can register Microsoft Authenticator on my new iPhone, given that I am the only Global Administrator.

For privacy reasons, I am not posting my exact tenant name or email addresses here, but I can provide the following information directly to Microsoft Support through a secure channel if required:

  • Admin account email (work account)
  • Tenant domain (onmicrosoft.com)
  • User Principal Name (UPN)
  • Company / organization name
  • Subscription type (for example: Microsoft 365 Business Standard)
  • Alternate email address for contact
  • Contact phone number

Additional information about my situation:

  • My previous iPhone, which had Microsoft Authenticator installed, has been sent to Apple for repair and will be replaced with a new device.
  • I do not have another device or backup that I can use to approve the MFA request.
  • I have access to the tenant’s billing email and can provide additional proof of ownership or billing information if required.

I understand the security implications of resetting MFA and I am willing to complete any additional verification steps needed to prove ownership of this tenant and admin account.

My questions are:

  1. What is the recommended process for a single Global Admin who is locked out due to a lost/replaced phone with Microsoft Authenticator?
  2. How can I contact Microsoft Support so that they can verify my ownership and help reset my MFA in this situation?

Thank you in advance for your guidance.



2 answers

  1. Tamara-Hu 13,395 Reputation points Microsoft External Staff Moderator
    2026-03-29T13:31:57.7+00:00

    Hello @65444053,

    I'm sorry to hear about your lockout issue.

    If you are the only administrator in your organization, you will need to contact the Microsoft Data Protection team, as they are the only group authorized and equipped with the necessary tools and verification procedures to confirm your identity and restore administrator access. 

    Please try to find the related hotline number to call the frontline and let them raise a ticket for you: Customer service phone numbers - Microsoft Support 

    Please carefully follow these instructions to ask for Microsoft Data Protection team support:

    The steps depend on your country or region. In some countries, when you call the support number, there is an opening message of about 30 seconds along the lines of "you can visit the link....", but you can ignore this opening and wait for the options, then press "1" as a business email user and "1" again for technical help.

    For some countries, it will be an automated conversation like:    

    • First, when you call the hotline, it asks what kind of problem you are worried about.   
    • Answered: authenticator.   
    • A: What kind of product are you using?   
    • B: Microsoft 365 for business.   
    • A confirmation: education or company account?   
    • B: For companies   
    • A: Are you an administrator?   
    • B: Yes.   
    • A: Do you have the other admin in your organization?   
    • B: No.   
    • A: You need one.... Service request?   
    • B: Yes   

    If calling the support line in your region is difficult, you may try another regional support number that offers service in your language, or contact the English support line if you’re comfortable speaking English. 

    If your organization's subscription is from a partner or reseller, contact the reseller's support provider to help open a service request on your behalf instead.

    Please understand that forum moderators have no control over user accounts, especially when it comes to logging in to your account, resetting your password, changing your access, etc.   

    If you encounter any difficulties in contacting the frontline support, please feel free to let me know. Thank you and I wish you a great day!  


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Q&A Assist
    2026-03-29T12:45:16.8866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more
    1. For a single Global Administrator who is locked out because the Microsoft Authenticator app is no longer available and no other MFA methods are configured, the only supported path is tenant recovery through Microsoft Support (Data Protection). Forum moderators and the Microsoft for Nonprofits team cannot bypass identity verification, reset MFA directly, or grant access without going through the official process. All tenant ownership and access decisions are handled through Microsoft 365 / Entra ID support.
      When there is another Global Admin, that admin can fix this by:
      • Signing in to the Azure portal → Microsoft Entra ID → Users → select the locked-out user → Authentication methods → Require re-register multifactor authentication.
      • After this, the affected admin signs in again and is prompted to set up MFA (for example, Microsoft Authenticator on the new phone).
      In the scenario described, there is no second Global Admin, so this self-service admin path is not available. Microsoft’s Data Protection / Tenant Recovery team must verify identity and then reset the MFA registration for the Global Admin account.
    2. To contact Microsoft Support so they can verify ownership and reset MFA as a single Global Admin, use one of these supported approaches:
      Primary method – Call Microsoft global customer service and request Data Protection support
      • Call the regional number listed under Customer service phone numbers - Microsoft Support.
      • When interacting with the IVR/agent, clearly state:
        • The issue is with Microsoft Authenticator / MFA.
        • The product is Office 365 / Microsoft 365 for business.
        • The account is a company / work account, not personal.
        • Confirm being an administrator and that there is no other administrator in the organization.
        • Request to create a service request and be routed to the Data Protection (Tenant Recovery) team to reset the authentication methods for the Global Admin account.
      • Be prepared to provide:
        • Admin UPN and tenant domain (including the .onmicrosoft.com domain).
        • Organization name and subscription type.
        • Billing-related proof (invoices, payment details) and any other documentation requested to prove tenant ownership.
      Alternative method – Create a temporary trial tenant to open a support ticket
      If reaching a live agent directly is difficult:
      • Sign up for a new Microsoft 365 trial tenant (separate from the locked tenant).
      • In the new tenant, go to the Microsoft 365 Admin Center → Support → Help & support.
      • Open a support ticket explicitly stating:
        • This new tenant is only being used to contact support.
        • The real problem is lockout from a different, existing tenant where you are the only Global Admin.
        • Provide the locked tenant’s domain, admin UPN, error behavior (MFA prompt that cannot be completed), and confirmation that there is no other admin.
      • Ask to be connected to the Data Protection / Tenant Recovery team for the original tenant.
      The Data Protection team has specific tools and processes to verify identity and restore access when a single Global Admin is locked out due to MFA. After verification, they can reset MFA registration so that sign-in will prompt for new MFA setup on the replacement iPhone.
      Note: Microsoft for Nonprofits and community moderators can help with guidance and escalation paths but cannot themselves reset MFA or grant tenant access without going through these official support channels.
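
The lockout in this thread comes from two conditions: a single Global Administrator and a single registered MFA method. The following audit for both is an added example, not part of the question or either answer. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may read role membership and authentication methods.

```powershell
# Added example: flag the conditions that lead to a single-admin MFA lockout.
# Assumption: Microsoft.Graph PowerShell SDK; the signed-in account holds a role
# that can read other admins' authentication methods (for example Global Reader).
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'UserAuthenticationMethod.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$globalAdminTemplateId'"

# Only active, directly assigned user members are listed here;
# PIM-eligible assignments and group-based assignments are not expanded.
$admins = @(Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' })

$report = foreach ($admin in $admins) {
    # Each method's concrete type is in @odata.type; the password is not an MFA method.
    $methods = @(Get-MgUserAuthenticationMethod -UserId $admin.Id |
        ForEach-Object { $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '' } |
        Where-Object { $_ -ne 'passwordAuthenticationMethod' })

    [pscustomobject]@{
        UserPrincipalName = $admin.AdditionalProperties['userPrincipalName']
        MfaMethodCount    = $methods.Count
        MfaMethods        = $methods -join ', '
    }
}

$report | Format-Table -AutoSize

# Condition 1: no second Global Administrator who could require MFA re-registration.
if ($admins.Count -lt 2) {
    Write-Warning "Only $($admins.Count) Global Administrator found: no second admin can reset MFA."
}

# Condition 2: an admin whose only MFA method lives on one device.
$report | Where-Object { $_.MfaMethodCount -lt 2 } | ForEach-Object {
    Write-Warning "$($_.UserPrincipalName) has $($_.MfaMethodCount) MFA method(s) registered."
}
```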
