Azure admin account lockout by enabling Authenticator MFA

admin@basue.org 1 Reputation point
2022-03-19T03:23:08.947+00:00

Today I stupidly enabled MFA on my global admin account to increase security and now I can't log in anymore.
When I try to log in, I am asked to verify with the MS Authenticator app or use a code from the mobile app.
The account is not registered in the Authenticator app, therefore I can't use it. I do have my mobile phone and recovery email set up for the global admin account. I can change the password, but can't log in due to the MFA.
When I select other sign-in options, I can't select mobile TXT, voice call or email authentication.
I am basically locked out and unable to do admin work for my client.
I do not have another global admin account set up.

I tried to open a support ticket but need to authorize with my locked-out account, so I can't open a ticket…
I called support in Japan but they just say to visit support.microsoft.com…
Please let me know how to disable the Authenticator MFA rule.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2022-03-22T23:09:24.39+00:00

    @Anonymous
    Thank you for your detailed post and I apologize for the delayed response!

    Since you're locked out of your Azure AD tenant because you can't access your Authenticator app, you can select the Forgot my password? option during login.

    1) Since you can't use your Authenticator App to verify your identity using the code generated within your app, select Use a different verification option.
    2) As you mentioned, if you can't use Email, Phone/Text, or the Authenticator App, you can select I don't have any of these.
    3) If you have your Recovery codes, you can use them. Otherwise, you can select No.
    4) After selecting No, you'll be redirected to fill out the Recover your account form to recover your Microsoft Account. For more info.

    If you're using your onmicrosoft.com or tenant-specific account, you can still select Forgot my password?, which will take you to other authentication methods to log in. If none of the above options work, you'll have to reach out to our Azure Data Protection team for further assistance - (866-807-5850).

    For future reference, I'd recommend creating and managing an emergency access account in Azure AD. This will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in or activate another user's account as an administrator.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
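
The lockout described in this thread can be checked for before MFA is enforced on administrators. The PowerShell below is an added example, not part of the answer above and not Microsoft's own tooling; it assumes the Microsoft Graph PowerShell SDK is installed, and the list of method types treated as second factors is an assumption.

```powershell
# Pre-flight check before enforcing MFA on Global Administrators.
# Run it from an account that can still sign in to the tenant.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','UserAuthenticationMethod.Read.All','User.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

# Assumption: these method types count as a second factor. Whether each one is
# offered at sign-in also depends on the tenant's authentication methods policy.
$secondFactorTypes = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod',
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod'
)

$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$globalAdminTemplateId'"
if (-not $role) { throw 'Global Administrator role was not returned for this tenant.' }

# Only active, direct user members are listed; PIM-eligible assignments and
# group or service principal members are not covered by this check.
$admins = @(Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' })

$report = foreach ($admin in $admins) {
    $methods = Get-MgUserAuthenticationMethod -UserId $admin.Id
    $types   = @($methods | ForEach-Object { $_.AdditionalProperties['@odata.type'] })
    $usable  = @($types | Where-Object { $_ -in $secondFactorTypes })
    [pscustomobject]@{
        UserPrincipalName = $admin.AdditionalProperties['userPrincipalName']
        SecondFactors     = ($usable -replace '#microsoft\.graph\.|AuthenticationMethod', '') -join ', '
        LockoutRisk       = ($usable.Count -eq 0)   # an email method alone is not a sign-in factor
    }
}
$report | Format-Table -AutoSize

if ($admins.Count -lt 2) {
    Write-Warning 'Only one Global Administrator: no second account can repair a failed MFA rollout.'
}
$atRisk = @($report | Where-Object LockoutRisk)
if ($atRisk.Count -gt 0) {
    Write-Warning ('No second factor registered for: ' + ($atRisk.UserPrincipalName -join ', '))
}
```

Any row with LockoutRisk set to True is an administrator who would be unable to complete an MFA prompt once it is required.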


  2. Martin Seidel 0 Reputation points
    2023-02-17T08:14:53.2366667+00:00

    First I thought I forgot to add phone and email details, but I was able to reset the password with phone number and email. But I still can't log in, because the only MFA option is still the Authenticator, which I lost the connection to.


  3. Anonymous
    2025-06-21T13:00:13.9+00:00

    Error Code: 500121

    Request Id: 285171c4-39c9-4c63-8bf5-00e065411900

    Correlation Id: 85027750-e9da-45b3-8c17-e52351ca09a8

    Timestamp: 2025-06-21T12:59:01Z
