![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 71%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
To set up Microsoft Authenticator on a new phone when the old phone is unavailable, the authentication method on the old device must be removed or MFA must be reset, then a different verification method used to sign in and reconfigure Authenticator.
Follow the path that matches the type of account:
- Personal Microsoft account (Outlook.com, Hotmail, etc.)
- Go to the Microsoft account dashboard and sign in with username and password.
- When prompted for verification and the Authenticator option appears, choose “Sign in another way” (or equivalent) and select an alternative method such as SMS, email, or another phone if available.
- After signing in, go to Security → Advanced security options.
- Under Ways to prove who you are, find the entry that sends notifications to the old device (for example, Send sign-in notification with the old phone name) and select Remove.
- Then add Microsoft Authenticator again as a new sign-in method on the new phone.
- If no alternative method is configured and sign-in is impossible, use the account recovery options presented on the sign-in page and follow the prompts until access is restored, then remove the old Authenticator method and re-add it on the new phone.
- Work or school (Microsoft 365 / Entra ID) account
- If there is another sign-in method (office phone, SMS, etc.):
- On the sign-in screen, when asked for a code from Authenticator, choose “Sign in another way” and select the alternative method.
- After signing in, contact the organization’s IT/admin and ask them to reset MFA for the account in the Microsoft Entra admin center (they can use Require re-register multifactor authentication on the user).
- Sign in again and complete the new Authenticator setup on the new phone.
- If Authenticator is the only method and sign-in is impossible:
- Contact the organization’s IT help desk or Microsoft 365 administrator and request an MFA reset for the account.
- If the account is the only global admin on the tenant and no one can reset MFA, the Microsoft Data Protection team must be engaged via Microsoft support. The standard process is:
- Call the Microsoft customer service phone number for the region.
- When prompted, clearly indicate the issue is with Authenticator and Office 365 for business, that it is a company account, and that there is no other administrator.
- Ask to create a service request and route it to the Data Protection team to verify identity and reset the admin’s MFA methods.
- In some cases where direct support access is blocked, a temporary trial tenant can be created solely to open a support ticket and request Data Protection assistance for the original tenant, as described in the Q&A guidance.
- If there is another sign-in method (office phone, SMS, etc.):
- If the old phone still exists but is not nearby
- A push notification may still be going to the old device because that is where Authenticator was last used. If possible:
- Access the old phone, open Authenticator, and approve the pending sign-in.
- Sign in to the account’s security settings and remove the old device’s Authenticator method.
- Add Authenticator on the new phone as a fresh method.
- A push notification may still be going to the old device because that is where Authenticator was last used. If possible:
- General precautions for the new phone
- After regaining access and setting up Authenticator on the new device:
- Add at least one alternative verification method (SMS, email, office phone, etc.) so that future device changes do not cause lockout.
- For iOS, ensure backup features (iCloud Drive/Keychain/Backup) are enabled before any future phone switch if using Authenticator backup/restore.
- After regaining access and setting up Authenticator on the new device:
If none of the above paths allow sign-in (no alternative methods, no admin, no old device), recovery requires working with Microsoft support/Data Protection as outlined in the Q&A references; self-service reset is not possible when Authenticator is the only proof and the device is lost.
References:
- Microsoft Authenticator FAQs
- How to go passwordless with your Microsoft account
- Download Microsoft Authenticator
- Use a screen reader to set up and troubleshoot multifactor authentication
- How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A