Bypassing Microsoft 365 MFA for a locked-out sole Global Administrator is not possible. MFA cannot be skipped or disabled from the sign-in page, and support agents or community moderators cannot turn it off for an account on request.
To regain access when the only Global Admin has lost Microsoft Authenticator and has no alternative MFA methods, the supported recovery path is through Microsoft’s Data Protection / Tenant Recovery process.
Use the following approach:
1. Try any alternative verification methods (if they exist)
   - If any other security verification options were ever configured (SMS, voice call, alternate phone, etc.), select “Other verification options” at sign-in and use those instead.
   - If none exist or they also fail, proceed to step 2.
2. If there is another Global Admin (not in this case)
   - A different Global Admin could reset MFA by:
     - Going to Microsoft Entra ID in the Azure portal → Users → select the locked-out user → Authentication methods → Require re-register multifactor authentication.
   - This does not apply here because there are no other Global Admins.
3. As the only Global Admin: contact Microsoft Data Protection team
   - This is the required route when the sole Global Admin is locked out and cannot complete MFA.
   - Call the regional support number listed under Customer service phone numbers - Microsoft Support or Support for Business Products (from the context). Ask to open a ticket with the Microsoft 365 / Microsoft Entra Data Protection team for tenant admin account recovery.
   - Clearly state:
     - This is a work/company Microsoft 365 tenant.
     - The caller is the only Global Administrator.
     - MFA is enforced and the only method was Microsoft Authenticator on a lost/reset phone.
     - The admin can still provide username and password but cannot complete MFA.
   - Follow their identity and tenant ownership verification process. They have internal tools and procedures to reset the MFA registration for a locked-out sole Global Admin.
4. If frontline support misroutes the call
   - If told to “contact your admin” or that the account is “commercial” and they cannot help, insist that this is a tenant lockout of the only Global Admin and request escalation to the Data Protection team.
5. Optional workaround to open a ticket if phone support is difficult
   - Create a new trial Microsoft 365 tenant (separate from the locked tenant).
   - In the new tenant’s Microsoft 365 Admin Center, go to Support → Help & support and open a ticket.
   - In the ticket, explain that the issue is with a different existing tenant where the only Global Admin is locked out due to lost Authenticator and no other MFA methods.
   - Provide the locked tenant’s domain and admin UPN so support can route the case to the Data Protection team.
There is no supported way to temporarily bypass or disable MFA on the locked account from the outside. Recovery must go through Microsoft support (Data Protection / Tenant Recovery) so they can reset the MFA registration after verifying identity.