SandeepBatta-7061 asked SandeepBatta-7061 commented

Unable to SWITCH to my directory because phone with MFA is lost

I am able to log on with my corporate email address.
But when I try to SWITCH to my directory, I get an MFA challenge, and I lost access to the phone on which I had MFA configured.

Microsoft support says - contact your corporate IT support
My IT support says - contact Microsoft support

Tired of being bumped around. Any other options?


Thank you for your post!

Because you can't complete the MFA challenge since you lost your phone, can you answer some of the questions below so I can gain a better understanding of your issue?

  • Do you have any Admins that can Require you to Re-register for MFA?

  • Do you have any other authentication methods listed for your user when you login (i.e. Phone, Email, etc.)?

  • Are there other users within your Azure Active Directory Tenant?

  • When it comes to MFA, since you lost your phone, are you required to perform MFA within the Authenticator app or are you using a 3rd party app?

Any additional information would be greatly appreciated!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·

Hi @JamesTran-MSFT ,

My question has been answered with help from Support.

0 Votes 0 ·

1 Answer

soysoliscarlos answered

Hi @SandeepBatta-7061

Thank you for asking this question on the Microsoft Q&A Platform.

Your Global administrator or User Administrator of your Azure AD has to follow the steps below to reset and unblock MFA in Azure Active Directory via Azure Portal and PowerShell.

Using Azure Portal:
- Sign in to the Azure portal with the tenant Global Administrator account.
- Navigate to Azure Active Directory > Users > All users > Choose the user you wish to perform an action on > select Authentication methods > Require Re-register MFA.
- Once this is done, the next time the user signs in, he/she will be requested to set up a new MFA authentication method.

Note: The user's currently registered authentication methods aren't deleted when an admin requires re-registration for MFA. After a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.

Using PowerShell:
- Install the MSOnline PowerShell module.
- Run ``Connect-MsolService`` and sign in with the Global Administrator account.
- Run the ``Set-MsolUser -UserPrincipalName <UPN> -StrongAuthenticationMethods @()`` cmdlet, where ``<UPN>`` is a placeholder for the affected user's sign-in name, to reset the MFA registration information.

Read more: Manage user authentication methods for Azure AD Multi-Factor Authentication

Hope this helps,
Carlos Solís Salazar

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

NOTE: To answer you as quickly as possible, please mention me in your reply.
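
The PowerShell steps from the answer above, wrapped in one function as an added example that is not part of the original answer: it records which methods the user had registered before clearing them and asks for confirmation. The function name `Reset-UserMfaRegistration` and the UPN `user@contoso.example` are hypothetical placeholders.

```powershell
# Added example. Assumes the MSOnline module (the one the answer names; Microsoft
# has since deprecated it) and a Global Administrator or User Administrator sign-in.
# Confirm the requester's identity through a separate channel before running this:
# an MFA reset request is a common pretext for account takeover.
Import-Module MSOnline -ErrorAction Stop

function Reset-UserMfaRegistration {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName   # placeholder value is passed at the bottom
    )

    # Stop if the UPN does not resolve to a user in this tenant.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Record what was registered before the reset, for the ticket or audit trail.
    $before = @($user.StrongAuthenticationMethods | Where-Object { $_ })
    $before | Select-Object MethodType, IsDefault | Format-Table | Out-String | Write-Verbose

    # Clear every registered method; the user must register again at next sign-in.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Clear registered MFA methods')) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods @()
    }

    # Read the user back to confirm the list is now empty.
    $after = @((Get-MsolUser -UserPrincipalName $UserPrincipalName).StrongAuthenticationMethods |
        Where-Object { $_ })

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        MethodsBefore     = ($before.MethodType -join ', ')
        MethodCountAfter  = $after.Count
    }
}

Connect-MsolService
Reset-UserMfaRegistration -UserPrincipalName 'user@contoso.example' -Verbose
```

Run it with `-WhatIf` first to see the target account and its current methods without changing anything.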
