A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Because the administrator account is already protected by Microsoft Authenticator and the app is no longer set up, this is a tenant lockout scenario. Adding the account back into Authenticator requires an MFA approval that cannot be completed, so self-service recovery is not possible.
Use the following options based on the type of account and admin situation:
- If there is another admin in the tenant
  - Ask another Global Administrator to reset the MFA registration:
    - Go to Microsoft Entra admin center (https://entra.microsoft.com).
    - Navigate to Users → All users.
    - Select the locked-out admin account.
    - Open Authentication methods.
    - Select Require re-register multifactor authentication.
  - The next sign-in for that admin will prompt a fresh Microsoft Authenticator setup using a QR code.
- If there is no other admin and this is a business/organization tenant
  - This requires Microsoft’s Data Protection team to reset MFA from the backend.
  - Call Microsoft’s global customer service and have a support ticket raised specifically to the Data Protection team for an admin MFA reset:
    - Use the numbers listed under Customer service phone numbers - Microsoft Support.
    - When the IVR or agent asks for details, clearly state:
      - The issue is with Microsoft Authenticator / MFA.
      - The product is Office 365 / Microsoft 365 for business.
      - The account is a company/organization account.
    - Confirm that you are the only administrator on the tenant and that you are locked out.
    - Request a service request and escalation to the Data Protection team for tenant admin MFA reset.
  - If frontline support misroutes the call, insist that this is a tenant admin lockout and only the Data Protection team can reset MFA.
- If support keeps ending the call
  - As an alternative path, create a temporary trial tenant only to open a support ticket:
    - Sign up for a Microsoft 365 trial tenant (e.g., from the Microsoft 365 Business/Enterprise trial page).
    - After setup, sign in to the new tenant’s Microsoft 365 admin center (https://admin.microsoft.com).
    - Go to Support → Help & support.
    - Open a ticket explaining:
      - You are locked out of a different existing tenant where you are the only Global Admin.
      - Provide the locked tenant’s domain and admin UPN, and describe the MFA/Authenticator issue.
      - Ask for escalation to the Data Protection team to reset MFA on the original tenant.
    - After the original tenant issue is resolved, cancel the trial subscription on the temporary tenant to avoid charges.
- If this is a personal Microsoft account (Outlook.com, Hotmail, etc.)
  - The Data Protection process above is specifically for business/organization tenants. For personal accounts, use the standard Microsoft account recovery and security options instead; if those fail, only Microsoft account support can assist.
Until Microsoft support/Data Protection resets MFA, the account cannot be added back into Microsoft Authenticator, and sign-in will remain blocked.