![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 89%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
When all security info on a Microsoft account is removed and replaced (for example, when changing the phone number and removing the old one), the account goes into a restricted state for 30 days. During this 30‑day period, access to sensitive areas like the full security page and actions that require a security code (such as updating password, parental controls, or account aliases) is blocked.
This 30‑day wait cannot be bypassed. It is a built‑in protection in case someone with unauthorized access removed the existing security info. Notifications are sent during this period to the original phone/email to alert about the change and, in some cases, allow canceling the request.
While waiting for the 30 days to pass, it is still possible to:
- Sign in and use most Microsoft services (Xbox, Skype, Outlook.com, OneDrive, etc.)
- View order history
- Make purchases from the Microsoft Store
- Manage subscriptions
- Update billing or mailing address
But it is not possible to:
- Access the OneDrive Personal Vault
- Update payment options (like changing credit card info)
- Update password
- Access parental controls
- Update account aliases
To avoid this situation in the future:
- Avoid changing all security info at once.
- Always keep more than one security option (phone, email, authenticator app) on the account.
- Use an authenticator app where possible.
- Regularly review security info to ensure it is still valid.
After the 30‑day period ends, the new phone number will become active security info and the security page will be fully accessible again.
References: