![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 83%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
To restore access to the Microsoft 365 admin center when Microsoft Authenticator/MFA is blocking sign-in, the recovery path depends on whether there are other admins in the tenant.
- Try any alternative MFA method
- On the MFA prompt, select options like “Use a different verification option” or “I can’t use my authenticator app right now” if available.
- Use SMS, phone call, or another registered method if one is configured.
- If there is another Global Administrator Ask another Global Administrator in the tenant to reset MFA for the affected admin account:
- Sign in to the Microsoft Entra admin center.
- Go to Identity → Users → All users.
- Select the locked-out admin account.
- Open Authentication methods.
- Select Require re-register multifactor authentication.
- Sign out and sign in again with the affected admin account; it will be prompted to set up MFA (Authenticator, SMS, etc.) from scratch.
- If there is no other admin (only one admin in the tenant) When the only admin is locked out by MFA, the Microsoft Data Protection team must reset the authentication methods:
- Call Microsoft using the Customer service phone numbers - Microsoft Support page.
- In the IVR/automated system, clearly indicate:
- Issue: Authenticator / MFA sign-in problem.
- Product: Office 365 for business / Microsoft 365 for business.
- Account type: Company account.
- Role: Global administrator.
- Clarify: There are no other admins in the organization and MFA is blocking access to the admin center and billing.
- Ask to create a service request with the Data Protection team to reset the admin’s MFA.
- Be prepared to verify identity and tenant ownership as requested.
If support routing is difficult, a workaround used in similar cases is:
- Create a temporary trial Microsoft 365 tenant (separate from the locked one).
- In that new tenant’s admin center → Support → Help & support, open a ticket explaining that the request is for MFA reset on a different existing tenant where the admin is locked out and is the only administrator.
- While waiting for resolution
- Do not delete or change the existing Microsoft Authenticator app registration unless instructed by support.
- Keep any proof of ownership (billing info, domain details, etc.) ready for the Data Protection team.
Only Microsoft support/Data Protection can reset MFA when the sole admin is locked out; forum moderators and standard support channels cannot bypass MFA or send verification codes.
References:
- Common problems with two-step verification for a work or school account
- "Account verification system is having trouble" error message when you try to sign in by using a work or school account
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Reset Personal Azure MFA - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Microsoft Authenticator app doesn't show 6-digit OTP code - Microsoft Q&A
- Troubleshoot Microsoft verification code issues