authenticator asking for code from itself

Question

I got a new phone and am in a new location. I can't log in to my 365 business account, because it wants a code from Authenticator, and I can't log into Authenticator because it is asking for a code from itself.

I am locked out, and I can't seem to find IT support anywhere. I am the IT person. I need help from Microsoft, but it keeps telling me to search online. I see this has happened many times, but the answers are all blocked and and removed because of being against community standards.

HELP!

Answer 1

The account is locked in an MFA loop because the only configured verification method is Microsoft Authenticator on the old device, and there is no accessible alternative method (like SMS or another admin) to break the loop. In this situation, recovery depends on whether this is a work/school (business) tenant and whether there are other admins.

Follow the path that matches the situation:

1. If this is a work/school (Microsoft 365 business) account and there is another admin
   Ask another Global Admin to reset the MFA registration:
   • Go to Microsoft Entra admin center: https://entra.microsoft.com
   • Navigate to Users → All users.
   • Select the locked-out user account.
   • Open Authentication methods.
   • Select Require re-register multifactor authentication.
     After this, sign in again; the sign-in flow will prompt to set up Authenticator from scratch on the new phone.
2. If this is a work/school (Microsoft 365 business) account and there is NO other admin (sole global admin)
   In this case, only Microsoft’s Data Protection team can unlock the tenant and reset MFA. The process is: Option A – Call Microsoft support and ask for Data Protection team
   1. Call the appropriate number from Customer service phone numbers - Microsoft Support.
   2. Ignore any initial message suggesting self-help and wait for menu options.
   3. When prompted by IVR, respond along these lines (wording from the documented flow):
      • Problem type: say “Authenticator” or “Lost account”.
      • Product: “Office 365 for business”.
      • When asked: education or company account? → say “For companies”.
      • When asked: Are you an administrator? → “Yes”.
      • When asked: Do you have another administrator in your organization? → “No”.
      • When asked if a service request is needed → “Yes, I need to create a ticket. Please route me to the Data Protection team.”
   4. When connected to an agent, clearly state:
      • Locked out of the global admin account due to Microsoft Authenticator on a lost/new phone.
      • There is no other admin in the tenant.
      • Need MFA reset / tenant admin recovery.
        The Data Protection team will verify identity and ownership and then reset the admin’s authentication so sign-in can be completed and Authenticator reconfigured on the new phone.
   Option B – If phone support cannot be reached, create a temporary trial tenant to open a ticket
   1. Sign up for a new Microsoft 365 trial tenant (any business/enterprise trial is fine) using the public trial link from the documentation (for example, from Compare Office 365 Enterprise Pricing and Plans | Microsoft 365 or Microsoft 365 Business Plans and Pricing | Microsoft 365 as referenced).
   2. Complete the trial setup; this creates a separate tenant where there is Global Admin access.
   3. Go to Microsoft 365 Admin Center for the new tenant: https://admin.microsoft.com.
   4. Open Support → Help & support.
   5. Create a support ticket with details that it is for another, existing tenant where the sole global admin is locked out by MFA. Include:
      • Admin UPN (email) of the locked tenant.
      • Locked tenant’s domain name.
      • Error behavior (Authenticator loop, no code, new phone).
      • Explicit statement that this is the only global admin.
   6. Ask to be connected to or escalated to the Data Protection team for tenant admin MFA reset.
   7. After the original tenant is recovered, cancel the trial in the new tenant (Admin Center → Billing → Your products) to avoid charges.
3. If this is a work/school account and the user is not an admin
   • Contact the organization’s Microsoft 365/Entra admin and ask them to reset MFA as in step 1 above.
   • If the admin is unknown, use the guidance in How do I find my Microsoft 365 admin? - Microsoft Support (linked in context) to identify the admin and request an MFA reset.
4. If repeated attempts have caused a temporary security block
   If many sign-in attempts or verification requests were made, Microsoft may temporarily block verification to protect the account. In that case:
   • Avoid repeated attempts; do not keep requesting codes.
   • Wait up to 24 hours (or longer, up to a week) before trying again, as documented.
   • When trying again, use any alternative verification method if one exists (SMS, alternate email). If none exists, revert to the Data Protection path above.

This scenario cannot be resolved purely by self-service if there is no alternative MFA method and no second admin; it requires Microsoft support (Data Protection team) to reset the admin’s MFA so Authenticator can be re-enrolled on the new phone.

---

References:

• Common problems with two-step verification for a work or school account
• Troubleshoot Microsoft verification code issues
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work.
• I cant log in to my business account because it is requiring Authenticator app which I do not have
• Microsoft authenticator sending me into a spiral
• Requesting a Tenant Admin MFA Reset
• Severity A Situation - Locked out of global admin account (MFA) - business down