![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 44%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Based on the described behavior (unable to turn on cloud backup anymore, restore failing, and sign-in to the Authenticator backup account failing while other Microsoft services still work), the situation most likely involves either:
- A sign-in / security issue on the account used for Authenticator backup, or
- A protection/block specific to Authenticator on the device(s).
From the available guidance, the following steps are supported:
- Verify device and app prerequisites
- Ensure both Android devices have:
- Latest Microsoft Authenticator version installed. Microsoft does not support app versions older than 12 months. Use the in-app Settings → App updates and make sure it is turned on, or reinstall from the store.
- Correct Date & time set to automatic, then restart the device.
- No VPN active while testing (disconnect VPN and try again).
- Battery optimization turned off for Authenticator (Settings → Turn off battery optimization) so sync/backup can work reliably.
- Notifications enabled (Settings → Notification Settings → Show notifications on) because some flows depend on push.
- Ensure both Android devices have:
- Check for platform/service blocks
- On Android, Authenticator features (including passwordless and push) require Google Play Services and Google Play Store to be installed and enabled. If these are disabled or missing, certain Authenticator operations fail. Confirm both are present and enabled.
- If using Android for Work / Work Profile, ensure the work profile has its own PIN/biometric configured and that Authenticator in that profile is allowed to use it.
- Re-register the device and account for Authenticator features
If the backup/restore or passwordless setup is partially broken, follow the supported reset path:
- Open Authenticator → Settings → Device Registration.
- Confirm the work/school account (if applicable) is shown as registered and joined to the organization. If not, sign in on the Device Registration page and complete registration.
- After registration, try enabling the relevant advanced features again (such as passwordless sign-in) and then retry backup/restore.
- Handle common Authenticator errors during setup/restore
If any of these specific messages appear while trying to restore or re-add accounts, use the corresponding actions:
- “Google Play services are currently unavailable on this device” or “Sorry, only part of the set up completed successfully”:
- Ensure push notifications are enabled for Authenticator.
- Confirm Google Play Services and Google Play Store are downloaded and enabled.
- Ensure the device requires a PIN or biometric to unlock, and that hardware encryption is enabled (see Encrypt your Android device).
- Reboot the device and try again.
- “Please ensure push notifications are enabled in Settings” or “We could not complete the sign-in at this time”:
- Go to Android Settings → Notifications and confirm push is enabled for Authenticator and the device has network connectivity.
- If still failing, remove the affected account from Authenticator and attempt to add it again.
- “Google Play services are currently unavailable on this device” or “Sorry, only part of the set up completed successfully”:
- If the Microsoft account itself may be compromised
Since there is concern that Authenticator is “hacked,” and there are unexplained changes (backup disabled, restore blocked), treat the Microsoft account as potentially compromised:
- Follow the official “How to recover a hacked or compromised Microsoft account” flow and the account recovery web form to secure the account (change password, review security info, remove unknown aliases, and add safer verification methods such as Microsoft Authenticator or passkeys once access is restored).
- If security info (alternate email/phone) was changed by an attacker and recovery fails, the documented guidance is that there is no additional backend method for consumer accounts beyond the recovery form.
- When still unable to restore Authenticator data
- If backup cannot be re-enabled and the cloud backup cannot be restored, the stored Authenticator configuration cannot be recovered from the app side.
- For each site or service that used Authenticator for 2FA, use that site’s own recovery options (backup codes, alternate email/phone, or their support) to remove the old 2FA registration and add a new one on a fresh Authenticator instance.
- For work/school tenants where the only global admin is locked out due to Authenticator/MFA issues, the supported path is to contact Microsoft Support (Data Protection team) via phone or a support ticket from another tenant to request an admin MFA reset.
If, after these steps, Authenticator still cannot sign in or restore while other Microsoft services work, the next supported actions are:
- For personal Microsoft accounts: continue using the account recovery form and, if needed, contact Microsoft Support via the consumer support portal to report the issue.
- For work/school accounts: contact the organization’s IT admin or open a support ticket so Microsoft can assist with tenant-level recovery.
References:
- Troubleshoot problems with Microsoft Authenticator
- My account got hacked. - Microsoft Q&A
- My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
- My account got hacked - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A