Share via

Authenticator app not functional

Jone Fattnes (Vetco Gray Scandinavia AS) 0 Reputation points
2026-04-22T08:20:31.78+00:00

I'm not able to perform the steps to set up MFA on the authenticator app

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-04-22T08:21:03.77+00:00

    If the Microsoft Authenticator app is not functional and MFA setup cannot be completed, the next steps depend on whether there is access to other sign-in methods and whether an administrator can help.

    1. If there is another MFA method available (phone call, SMS, or another app)
      • Go to the security info page at https://aka.ms/mysecurityinfo.
      • Use an existing method (for example, phone or SMS) to sign in.
      • Under Security info, delete the non-working Authenticator method.
      • Select Add sign-in method, choose Authenticator app or Phone, and follow the prompts to set up a new working method.
    2. If there is a new phone and the old phone/Authenticator no longer works
      • In a browser, go to the Additional security verification page (for example, via the Security info link from the account profile as described in the screen-reader guidance).
      • Delete the old phone or Authenticator information.
      • Add the new phone as a sign-in method and then install and configure Microsoft Authenticator on the new device.
    3. If no alternative MFA method works and this is a work or school account
      • Contact the organization’s Microsoft Entra (Azure AD) administrator and ask them to reset MFA:
        • In the Microsoft Entra admin center, the admin goes to Identity → Users → All users.
        • Select the affected user → Authentication methods → select Require re-register multifactor authentication.
      • After this, sign in again and complete MFA setup from scratch (Authenticator app, phone, etc.).
    4. If the account has reached the limit of registered Authenticator devices (maximum 5)
      • Go to https://aka.ms/mysecurityinfo and delete one or more existing Authenticator sign-in methods, then try to add the app again.
      • If that is not possible (for example, due to security defaults or lack of access), a Global Administrator can remove the Authenticator registrations using Microsoft Graph:
        • In Graph Explorer, sign in as Global Administrator.
        • Run a GET request to https://graph.microsoft.com/beta/users/<user-principal-name>/authentication/microsoftAuthenticatorMethods to list Authenticator methods.
        • Copy the id of each method to remove.
        • Run DELETE on https://graph.microsoft.com/beta/users/<user-principal-name>/authentication/microsoftAuthenticatorMethods/<authenticator-id-guid> for each unwanted method.
        • After deletion, attempt MFA setup again.
    5. If locked out and the user is the only admin with no other methods
      • A separate admin account (if available) should reset MFA as above.
      • If there is no other admin, Microsoft’s Data Protection team must be engaged via Microsoft support phone channels to verify identity and reset MFA from the service side, as described in the referenced Q&A resolutions.

    If the admin has set Conditional Access or security policies that block Authenticator registration, those policies must be adjusted by the admin before Authenticator can be set up.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.