![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 4%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Because the old phone is wiped and there is no access to Microsoft Authenticator on it, the only supported options are:
- Try alternative verification methods
- On the sign-in screen, choose “Use a different verification option” (such as SMS or email) if they were previously configured.
- If SMS or phone is available but failing intermittently, retry later or switch networks as suggested in the “Authentication did not complete” guidance.
- If still signed in anywhere
- If the account is still signed in on a Windows PC or browser, go to the account’s security info / additional security verification page and:
- Remove the old phone/Authenticator as a method.
- Add a new phone number and/or re-register Microsoft Authenticator on the new device.
- If the account is still signed in on a Windows PC or browser, go to the account’s security info / additional security verification page and:
- If completely locked out and this is a work/school (Entra ID / Microsoft 365) account
- If there is another global admin, that admin can reset MFA for the locked-out account so it can be re-registered on the new phone.
- If there is only one global admin and that admin is locked out, Microsoft must perform a tenant admin MFA reset via the Data Protection team:
- Call the regional Customer service phone numbers - Microsoft Support line and clearly state that this is an Authenticator / MFA lockout for an Office 365 for business / company account, and that there is no other administrator.
- Ask the agent to create a service request and escalate to the Data Protection team to reset the admin’s authentication methods.
- Be prepared to provide business and identity verification details.
- If direct phone support cannot be reached, create a temporary trial Microsoft 365 tenant, go to the new tenant’s admin center → Support → Help & support, and open a ticket explaining that access is needed to a different locked tenant where the caller is the only admin. The support engineer can then involve the Data Protection team for the original tenant.
- If this is a personal Microsoft account
- Use the account recovery and alternative verification options (SMS/email) presented during sign-in.
- If a passkey was used and is no longer valid on the new device, delete any obsolete passkeys from the account and set up a new passkey on the new device.
Once access is restored, add multiple sign-in methods (Authenticator on the new phone, SMS, possibly a second admin for work tenants) to avoid future lockouts when changing or wiping devices.
References:
- Troubleshoot problems with Microsoft Authenticator
- Authentication did not complete
- Use a screen reader to set up and troubleshoot multifactor authentication
- Troubleshoot signing in with a passkey
- How Do I Regain Access to My Account After Losing Access to Microsoft Authenticator? (Urgent Request). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A
- Microsoft Authenticator FAQs
- Back up your accounts in Microsoft Authenticator