Share via

Reset B2C Tenant MFA

Raymond Brack 1 Reputation point
2022-08-22T04:54:43.503+00:00

I am attempting to access a B2C tenant however I have lost access to the MS Authenticator account. How can I reset the MFA option for the tenant and my account?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,775 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Harpreet Singh Matharoo 7,621 Reputation points Microsoft Employee
    2022-08-22T07:32:19.227+00:00

    Thank you for reaching out.

    It seems that you are currently unable to login to B2C tenant. There can be multiple ways to fix this depending on following scenarios.

    Scenario 1:

    • If you have additional admins in your B2C tenant, then you can reach out to them to have the user MFA/Authentication Methods reset from Azure Portal.
    • B2C tenant/global admin can login to the tenant, browse to affected user profile, Select Authentication Methods and click on Require re-register multifactor authentication. More details available on https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings.
    • Also, if you are are using Security Defaults on your B2C tenant, then it would require you to register using Authenticator Method again.
    • Hence once admins complete above process and you are able to register again than we would recommend backing up the authenticator accounts to avoid getting into similar situation again. For more information, please review following article: Back up and recover account credentials in the Authenticator app (microsoft.com)

    Scenario 2:

    • If you are the only admin on the B2C tenant than this would be a tenant lockout scenario and you would need to open a support ticket either by using this link (If you have access to any other Azure tenant) or using Global Customer Service Phone Number (If you don't have any other Azure Account).
    • The support team will engage data protection team and they will require some evidence that proves your ownership to the verified domain and the tenant that you want to get access to. After reviewing and verifying the request, access to the tenant will be provided.
    • Unfortunately, there is no other way to get access to the tenant in such scenario.
    • Going forward, to avoid lockout please configure a break-glass/emergency access account. Read more about emergency access accounts here: https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    I hope this helps you to fix your issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments