Share via

Azure Portal with MFA( I am the admin on AAD) - New phone, cannot authenticate I have lost access to my Azure portal.

Akhil Thakkar 6 Reputation points
2022-07-04T18:20:02.207+00:00

MFA was achieved using the authenticator app and account was on an old iPhone. I installed the authenticator app on my replacement handset (Android) but am now unable to get access to the portal.

During the MFA process there is an option: I can't use my Microsoft authenticator app right now

Selecting that option changes the GUI and provides another option: use a verification code from my mobile app

But the outcome is always the same: You didn't enter the expected verification code. Please try again.

How do I get the MFA to allow me to recognise the authenticator app is now on a new phone, and I need to reset?

Microsoft Security | Microsoft Authenticator

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 18,201 Reputation points MVP Volunteer Moderator
    2022-07-09T14:13:02.807+00:00

    Hi @Akhil Thakkar

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    I have provided the steps below to reset and unblock MFA in Azure Active Directory via Azure Portal and PowerShell.

    Using Azure Portal:

    • Sign in to the Azure portal with the tenant Global Administrator account.
    • Navigate to Azure Active Directory > Users > All users > Choose the user you wish to perform an action on >** select Authentication methods** > Require Re-register MFA.
    • Once this is done, the next time the user signs in, he/she will be requested to set up a new MFA authentication method.

    Note: The user's currently registered authentication methods aren't deleted when an admin requires re-registration for MFA. After a user re-registers for MFA, we recommend they review their security info and delete any previously registered authentication methods that are no longer usable.

    Using PowerShell:

    • Install the MSOnline PowerShell module.
    • Run Connect-MSOLService and sign in with the Global Administrator account.
    • Run Set-MsolUser -UserPrincipalName John.dave@Company portal .com -StrongAuthenticationMethods @() cmdlet to reset the MFA registration information.

    Read MoreManage user authentication methods for Azure AD Multi-Factor Authentication

    However, in both cases, you require that another user with the proper permissions (Global administrator, Privileged Authentication Administrator) perform these actions.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.