![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP1%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
A new QR code for Microsoft Authenticator is generated only when signing in and re-registering MFA on the account. The exact steps depend on whether there is another way to sign in and whether this is a personal or work/school (Microsoft Entra ID) account.
Use these options:
- If there is another MFA method (SMS, phone call, email, passkey)
- On a browser, go to the Additional security verification / Security info page for the account (for Microsoft 365 this is reached via office.com → account manager → View account → Update info → Security info).
- Sign in using the alternative method (SMS, call, etc.).
- Remove the old phone/Auth app entry.
- Choose Add sign-in method → select Phone or Authenticator app.
- When choosing Authenticator app, the portal will display a new QR code; scan it with Microsoft Authenticator on the new phone to activate.
- If this is a work/school account and there is no alternative method
- If this is a business/education account and an admin is available, the admin must reset MFA:
- Admin goes to Microsoft Entra admin center → Users → All users → select the user → Authentication methods → Require re-register multifactor authentication.
- Next sign-in will prompt for new Authenticator setup and show a new QR code.
- If this is the only admin account on the tenant and there is no access at all, Microsoft’s Data Protection team must reset the authentication methods. This is done by calling Microsoft Support using the country-specific customer service phone number and asking to raise a ticket for an admin locked out due to Authenticator.
- If this is a business/education account and an admin is available, the admin must reset MFA:
- If this is a personal Microsoft account and there is no alternative method
- Follow the account recovery and alternative verification flows (SMS, email, etc.) shown on the sign-in page. If none work and there is truly no access to any configured methods, direct reset from Authenticator alone is not possible; recovery must be done through Microsoft’s account security and support flows.
- If push notifications are going to an old device
- If the old phone still exists and has Authenticator installed, open it and approve the sign-in, then remove the old device from account security settings and re-register Authenticator on the new phone.
- If the old device is gone, use another verification method (SMS, etc.) to sign in, then remove the old device and add the new one as above.
A QR code cannot be generated directly from the app; it is always created by the account’s security/MFA setup page after a successful sign-in or an admin/Data Protection reset.
References:
- Use a screen reader to set up and troubleshoot multifactor authentication
- Microsoft Authenticator FAQs
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A