![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 18%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 99%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Because the phone changed, the Microsoft Authenticator app on the new device is no longer registered for the account, so sign-in to the GM catalog (which uses Entra ID/MFA) fails. The account must be reconfigured for MFA on the new phone.
Try the following, depending on what access is still available:
- If there is still access to the account in a browser
- Sign in to the account in a desktop browser (where it still works, if possible).
- Go to the Security info / Additional security verification page for the account.
- Remove the existing Microsoft Authenticator method.
- Add a new sign-in method and choose Authenticator app.
- On the new phone, install and open Microsoft Authenticator, then scan the QR code shown in the browser to complete setup.
- If completely locked out and this is a personal Microsoft account
- In a browser, go to https://account.microsoft.com and sign in if possible.
- Open Security info.
- Remove the existing Authenticator app entry.
- Add Authenticator app again and set it up on the new phone as above.
- If completely locked out and this is a work/school (Entra ID) account
- Contact the organization’s IT admin and request an MFA reset for the account so the Authenticator app can be re-registered on the new phone.
- If the locked account is the only global admin for the tenant, a support ticket with Microsoft Data Protection is required (opened by phone or via another tenant, as described in the referenced Q&A) so they can verify identity and reset MFA.
If none of the above is possible and no other admin exists, the tenant-level recovery via Microsoft support is required before access to GM catalog can be restored.
References:
- Use a screen reader to set up and troubleshoot multifactor authentication
- Authenticator locked and cannot access at all after replacing phone - Microsoft Q&A
- Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Requesting a Tenant Admin MFA Reset - Microsoft Q&A