Because the phones were replaced, the existing Microsoft Authenticator registrations no longer work and the MFA methods must be reset by an administrator or support.
Use the appropriate path based on the type of account:
- If this is a work/school (Microsoft Entra / Microsoft 365) account and there is an admin for the tenant
  Ask the client’s Microsoft 365/Microsoft Entra administrator to reset MFA for the affected users:
  - Admin signs in to the Microsoft Entra admin center (https://entra.microsoft.com).
  - Go to Users → All users and select the affected user.
  - Open Authentication methods.
  - Choose Require re-register multifactor authentication.

  After this, the next sign-in will prompt to set up Microsoft Authenticator again on the new phone.
- If the affected users are end users in a client’s tenant
  Because the portal belongs to the client, only the client’s own IT/admin team can reset MFA for those accounts. Ask the client to have their IT admin follow the same “Require re-register multifactor authentication” process for each impacted user.
- If the locked-out user is the only global admin in the tenant
  When there is no other admin who can reset MFA, the Microsoft Data Protection team must be involved:
  - Call Microsoft using the appropriate number from Customer service phone numbers - Microsoft Support.
  - In the IVR/with the agent, clearly state that this is a tenant admin locked out due to Authenticator/MFA and that there is no other global admin.
  - Ask them to open a ticket with the Data Protection team to reset the admin’s authentication methods.
- If this is a personal Microsoft account
  The tenant/Entra admin steps do not apply; use the standard account recovery and password reset flows instead. If MFA is enforced only via Authenticator and the device is lost, recovery must be handled through Microsoft’s account recovery process.
Until MFA is reset, new phones will not receive prompts and sign-in to the client’s portal will remain blocked.