How do I restore access to Micrososft 365 Global Admin account stuck in Multi-Factor loop in MS Authenticator?

To restore access to a Microsoft 365 Global Admin account that is stuck in an MFA/Auth­enticator loop, the recovery path depends on whether there is another Global Administrator in the tenant.

1. Check if there is another Global Admin

• If any other Global Administrator exists, ask that admin to reset the MFA registration for the locked-out Global Admin account:
  1. Sign in to the Azure portal and open Microsoft Entra ID.
  2. Go to Users and select the affected Global Admin account.
  3. Open Authentication methods.
  4. Select Require re-register multifactor authentication.
  5. The next time the affected Global Admin signs in, they will be prompted to set up MFA again (new Authenticator registration) and should be able to complete sign-in without the loop.

2. If there is no other Global Admin (you are the only one) When the only Global Admin is locked out and cannot complete MFA, the issue must be escalated to Microsoft’s Data Protection team; forum moderators or normal support channels cannot directly change MFA for the account.

Use one of these approaches:

Option A – Call Microsoft Global Customer Service (recommended)

• Call the appropriate Customer service phone numbers - Microsoft Support number for the region.
• When interacting with the IVR/agent, clearly state:
  • The issue is an admin account locked out due to Microsoft Authenticator / MFA.
  • It is an Office 365 / Microsoft 365 for business tenant.
  • The caller is the only Global Administrator and cannot access the admin portal.
  • A Data Protection / Tenant Recovery case is needed to reset the authentication methods for the Global Admin account.
• Ask to be routed specifically to the Data Protection team. They will verify tenant ownership and can remove/reset the MFA layer so the Global Admin can sign in again and reconfigure MFA.

Option B – Create a temporary tenant to open a support ticket (workaround)

• If reaching a live agent is difficult, create a new temporary tenant by signing up for a Microsoft 365 trial subscription.
• In that new tenant, sign in to the admin console and open a support ticket.
• In the ticket, request to speak with the Data Protection team on behalf of the original tenant, explaining that the only Global Admin on the original tenant is locked in an MFA/Auth­enticator loop and cannot access the admin portal.

3. After Data Protection resets MFA

• Once Data Protection has reset or removed MFA for the Global Admin account:
  • Sign in again with the Global Admin username and password.
  • Complete any required verification steps.
  • When prompted, reconfigure MFA (Microsoft Authenticator or other methods) carefully and ensure at least one backup method (phone, alternate email, etc.) is configured to avoid future lockouts.

This process is the supported way to recover a tenant when the only Global Admin is locked out by MFA and cannot get past the Authenticator loop.

References:

• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• Global Admin Locked out - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• I need to reset my mfa methods - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A

Hi @KMO, 

I hope you are having a wonderful day. 

I'm sorry to hear you're experiencing difficulties accessing your admin account. This situation can happen, and there are steps available that may help address the issue and restore access. 

This issue commonly occurs when your Multi-Factor Authentication (MFA) settings need to be reset, particularly after changing devices or reinstalling the Microsoft Authenticator app. Since your new device hasn’t been configured with the Authenticator yet, you're currently unable to access your account. The app remains linked to your previous device, preventing you from completing the sign-in process. 

To move toward a resolution, I suggest the following steps: 

1/ Contact other IT admins 

• If you're an admin, please check to see if there are other IT admins in your organization who can help you with the reset MFA for your account and you can share the steps outlined in the article Manage user authentication methods for Microsoft Entra multifactor authentication. This will help them assist you in resetting your MFA settings and restoring access to your account.  
• Once your IT admin has reset your MFA, the next time you log in to your account, you will be guided through the process of setting up the Microsoft Authenticator app again from the beginning by scanning a QR code. This will break the loop and allow you to access your account normally.  

2/ Contact Microsoft Data Protection Support by phone 

• If you're the only admin, in this situation, the Microsoft Data Protection Team has tools and processes in place to verify identity and regain access to administrator accounts. You can try reaching out to our Global Customer Service phone to raise a request for resetting your authentication method here: Customer service phone numbers - Microsoft Support.  

Please note that forum moderators do not have access to user account settings and cannot assist with logging in, resetting passwords, or changing access rights. While we do not have access to internal systems or administrative tools required to resolve account-specific or backend-related issues but we’ll continue doing our best to support you within the scope of our responsibilities.       

Here are some tips and an example of a prompt to help you navigate the IVR more effectively:        

(When you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.)    

IVR: What kind of problem are you concerned about?    

You: Authenticator.    

IVR: What products do you use?    

You: Office 365 for business. 

IVR: Education or company account?    

You: For companies 

IVR: Are you an administrator?     

You: Yes. 

IVR: Are there any other administrators in your organization?     

You: No. 

IVR: Do you need a... Service request?     

You: Yes. I need to create a ticket. Please send me directly to the Data Protection Team. 

3/ Create a new tenant to submit a support ticket 

If you cannot reach a live agent, there is still a workaround, you might consider registering for a new tenant by signing up for a trial subscription and submit your request from there.      

To set up a new tenant, please follow these steps below:  

Visit  Microsoft 365 Business Plans and Pricing | Microsoft 365. This would allow you to create a new tenant following the prompts provided. Once set up, you can access the admin console of the new tenant and submit a support ticket requesting to speak with the Data Protection team on behalf of your previous tenant.      

Follow the guided setup process to create a new account for a new tenant.   

Once your tenant is created, you should be able to access the support portal and submit your ticket referencing your locked account without further issues 

In your ticket description, you'll need to clearly explain that you're trying to regain access to your previous Microsoft 365 tenant and need help from the Data Protection team. Here's a message you can use or adapt:   

"Hello, I’m currently unable to access my previous Microsoft 365 tenant due to losing MFA access, which prevents me from receiving verification codes. I’m the global admin, but I’m locked out and unable to generate a QR code or bypass MFA.   

I created this new tenant solely to request assistance. I kindly ask to be connected with the Data Protection team to verify my identity and help me recover access to the original tenant.   

This is urgent, as I rely on Microsoft 365 for my work and have been unable to operate for several days. I’m available to provide any documentation or verification needed to support the recovery process."   

Ticket Support: In the Microsoft 365 Admin Center > Support > Help & Support. You can raise support ticket at https://admin.microsoft.com/#/support/requests     

Please remember to cancel the trial subscription after your issue is resolved, as this will help you avoid any accidental billing. You may prefer the following resource for detailed instructions: Cancel your Microsoft business subscription in the Microsoft 365 admin center | Microsoft Learn 

I hope this helps you regain access to your account quickly. I'm glad to assist and truly hope the information provided has been useful. Please feel free to reach out anytime if you need further assistance.  

If you find my post helpful, kindly consider marking it as the accepted answer. Doing so can assist others in the community who may have similar questions in finding solutions more quickly.  

Thank you for your kindness and contributions to the forum.   

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have any extra questions about this answer, please click "Comment".             

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.