Locked out of my organization due to MFA

Matias Miraballes 6 Reputation points
2021-12-30T15:10:37.263+00:00

Hi,
I have this student account that I used for creating an organization to learn more about the tools offered by Azure. At some point I may have turned on Multi-Factor Authentication. Everything continued working correctly until my session expired.

If I go to https://mysignins.microsoft.com/security-info, I can access the security information I use to log into my university's organization because I receive the MFA code through SMS on my phone, but when I try switching to my own organization's information, I get prompted to use the Microsoft Authenticator App, which either I haven't configured yet or my student account is not allowed to use.

I can still access my organization in https://portal.azure.com with a secondary account (which has correctly configured MFA for this organization) but it doesn't have any permissions to change the configuration of it.

Is there any way to reset the MFA configuration of my organization (which I believe is the root of the problem)? And do I need to post the Tenant Id of the organization here?

Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Matias Miraballes 6 Reputation points
    2021-12-31T14:08:19.553+00:00

    Hi @JamesTran-MSFT, thank you for the quick response.

    I tried changing the security information, but I don't have access.

    I am a member of these 2 organizations.

    I am able to configure my security information for the first.

    But when I try to access my own organization, I get prompted with a screen that only has an option for the Authenticator App (understandably, as I haven't configured the security information for my organization yet, only for my university's organization). I tried both options, but they aren't working.

    The same happens when I try to access it through the Azure portal: I get prompted with the same login screen when I try to switch directory.

    Also, this account is the only admin in that directory, and I am the only user in it too as I was only using it to develop some web apps for learning purposes.

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2021-12-30T19:38:27.743+00:00

    @Matias Miraballes
    Thank you for your post!

    When it comes to the MFA configuration of your Azure AD tenant, I'm assuming that you might've enabled Security Defaults, since Conditional Access Policies would require an Azure AD Premium P1 license. In order to disable Security Defaults, you'll need to be logged into an account with Security administrator, Conditional Access administrator, or Global administrator permissions. For more info - Disabling security defaults.

    If you don't have access to a user with those permissions, you can try adding your phone number to your student account, which can be used during sign-in, if you don't have access/haven't set up the Microsoft Authenticator App yet.

    Add a phone number using MySign-Ins:

    1. Log in to https://mysignins.microsoft.com/security-info, and access the security information page.
    2. Select Add Method. If you already have a phone number listed, select "Change" as needed, or just confirm it's the correct number.
      Note - You can also set up the Authenticator app from this page.

    Add a phone number using the Azure Portal:

    1. Navigate to your Azure Active Directory.
    2. Select Users.
    3. Search for and select the account you need to log in to.
    4. Select Authentication Methods and add your phone number.
      Note - You can also reset your password, re-require MFA, or add an additional email to help with the login process.

    During the login process, you should be able to select the Forgot password? option on the login screen to verify your identity with a code generated by your Microsoft Authenticator App. If you haven't set up the Authenticator app, you can select Use a different verification option to have a security code sent to the registered email within your Azure AD user account.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.
