AAD Tenant lock-out due to Authenticator app reset

Miroslav Knezevic 1 Reputation point
2022-03-01T12:06:28.077+00:00

Hi,

I have a work account within my company, and an Azure subscription under a Visual Studio Professional licence.

What I've done is create a new AAD tenant and switch my Azure subscription to it. The new tenant had multifactor authentication set up using the Authenticator app only (no email or SMS).
The Authenticator app on the phone did not have any cloud backup option enabled, and essentially I performed a factory reset of the mobile phone, which resulted in obliteration of the Authenticator app and, consequently, lock-out of the only admin account from the new tenant.

Since I was the only administrator for that new tenant, I understand that my only option is to contact Azure Support team to reset MFA for the new tenant. Is this correct or are there any other options?

Thanks,
Miroslav

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. JamesTran-MSFT 36,476 Reputation points Microsoft Employee
    2022-03-01T22:22:19.897+00:00

    @Miroslav Knezevic
    Thank you for your detailed post!

    You're correct, in your specific scenario you'll have to reach out to our Azure Support Engineers so they can try to get you back into your new tenant. In the meantime, you can also try to select the Forgot my password? option during login.

    1) Since you can't use the Authenticator App to verify your identity you'll select Use a different verification option.
    2) You can see if verifying your identity via Email or Phone/Text is possible. However, since you mentioned you never set it up, you can select I don't have any of these.
    3) If you have your Recovery codes, you can use them. Otherwise, you can select No.
    4) After selecting No, you'll be redirected to fill out the Recover your account form to recover your Microsoft Account. For more info.

    If you're using your onmicrosoft.com or tenant specific account, you can still select Forgot my password?, which will take you to other authentication methods to log in. If none of the above options work, you'll have to reach out to our Azure Support Engineers or Azure Data Protection team for further assistance - (866-807-5850).

    For future reference, I'd also recommend creating and managing an emergency access account in Azure AD. This will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in or activate another user's account as an administrator.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
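
The lockout in this thread (a sole administrator with one registered MFA method) can be checked for before a device is lost. The following is an added example, not part of the original question or answer: it flags that condition in constructed records that mimic the `@odata.type` values Microsoft Graph returns for a user's authentication methods. The record layout, the account names and the `lockout_findings` function are assumptions made for illustration.

```python
# Added example. The records below are constructed; they mimic the "@odata.type"
# values Microsoft Graph returns when listing a user's authentication methods.
PREFIX = "#microsoft.graph."
PASSWORD = PREFIX + "passwordAuthenticationMethod"
AUTHENTICATOR = PREFIX + "microsoftAuthenticatorAuthenticationMethod"
FIDO2 = PREFIX + "fido2AuthenticationMethod"


def second_factors(methods):
    """Return the registered methods other than the password, one per registration."""
    return [m for m in methods if m["@odata.type"] != PASSWORD]


def lockout_findings(admins):
    """Flag single points of failure among a tenant's Global Administrators.

    admins: list of {"userPrincipalName": str, "methods": [method objects]}
    (hypothetical layout, assembled by whatever export the reader uses).
    """
    findings = []
    if len(admins) < 2:
        findings.append("tenant: only %d Global Administrator(s); "
                        "no emergency access account to fall back on" % len(admins))
    for admin in admins:
        factors = second_factors(admin["methods"])
        upn = admin["userPrincipalName"]
        if not factors:
            findings.append("%s: no MFA method registered" % upn)
        elif len(factors) == 1:
            kind = factors[0]["@odata.type"][len(PREFIX):]
            findings.append("%s: single MFA method (%s); losing it locks "
                            "the account out" % (upn, kind))
    return findings


# Constructed tenant matching the situation in the question: one admin, one app.
SOLE_ADMIN = [{"userPrincipalName": "admin@contoso.example",
               "methods": [{"@odata.type": PASSWORD}, {"@odata.type": AUTHENTICATOR}]}]

# Constructed tenant with a second (emergency access) admin and spare methods.
RESILIENT = [
    {"userPrincipalName": "admin@contoso.example",
     "methods": [{"@odata.type": PASSWORD}, {"@odata.type": AUTHENTICATOR},
                 {"@odata.type": FIDO2}]},
    {"userPrincipalName": "breakglass@contoso.example",
     "methods": [{"@odata.type": PASSWORD}, {"@odata.type": FIDO2},
                 {"@odata.type": FIDO2}]},
]

if __name__ == "__main__":
    for line in lockout_findings(SOLE_ADMIN):
        print(line)
```

Registrations are counted per entry rather than per type, so two Authenticator registrations on separate devices count as two methods.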