![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 64%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
This happens because the old phone was the only device registered for Microsoft Authenticator, and the new phone is not yet set up as a valid sign-in method. The sign-in flow is looping: it asks for a code/approval from Authenticator, but Authenticator on the new phone has no account configured yet.
Use one of these paths, depending on what is available for the account.
- Try an alternative verification method
- On the sign-in screen where Authenticator is requested, choose I can’t use my Microsoft Authenticator app or Sign in another way (wording may vary).
- If SMS, phone call, or email is listed, select one of those and complete sign-in.
- After signing in successfully, go to the security info page for the account and add the new phone/Authenticator as a method:
- For work/school accounts: follow the wizard described in Set up Security info from a sign-in page to add Microsoft Authenticator and/or Phone as a method.
- For personal Microsoft accounts: use the Security tab at https://account.microsoft.com/security → Manage how I sign in → Add a new way to sign in or verify → Use an app, then scan the QR code with Authenticator on the new phone.
- If the account is a work or school (Microsoft 365/Entra ID) account and there is an admin
- Ask the organization’s Microsoft 365/Entra administrator to reset MFA for the account:
- In Microsoft Entra admin center (https://entra.microsoft.com) → Users → All users → select the user → Authentication methods → choose Require re-register multifactor authentication.
- After this reset, sign in again; the system will prompt to set up Authenticator from scratch on the new phone using a QR code.
- If this is a business account and the locked user is the only admin
- When no other admin can reset MFA and no alternative method works, Microsoft’s Data Protection team must reset MFA:
- Call Microsoft Support using the regional Customer service phone numbers - Microsoft Support page.
- When prompted, clearly state that this is an Office 365 for business/company account, that the caller is the only administrator, and that MFA reset is needed because of a lost/changed phone and Authenticator loop.
- Ask support to open a ticket with the Data Protection team to reset MFA.
- If this is a personal Microsoft account and no alternative method works
- Use the account recovery options presented on the sign-in/security pages (email/SMS verification, recovery form). If those fail, contact Microsoft consumer support using the regional phone numbers and request help with account recovery/MFA reset.
Once access is restored by any of the methods above, immediately:
- Add Microsoft Authenticator on the new phone as a sign-in/verification method.
- Add at least one backup method (SMS, phone call, or another app) so a future phone change does not cause the same loop.
References:
- Authentication methods in Microsoft Entra ID - Microsoft Authenticator app
- Set up Security info from a sign-in page
- Use a screen reader to set up and troubleshoot multifactor authentication
- How to add your accounts to Microsoft Authenticator
- Troubleshoot problems with Microsoft Authenticator
- Authentication did not complete
- Microsoft authenticator sending me into a spiral - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A