
MFA lockout hectorportugal no access to tenant

Richard Gonzalez 0 Reputation points
2026-05-04T17:37:29.5266667+00:00

User hectorportugal is locked out due to MFA (Microsoft Authenticator).

The app does not show a verification code and no push notification is received. There are no alternative authentication methods available (no SMS, no call).

This causes an MFA loop and the user cannot sign in to Microsoft Teams, Microsoft Entra, or Microsoft 365.

The tenant has only two users and both are affected by MFA issues.

Requesting reset of MFA methods for user hectorportugal or guidance to regain access.

Moved from: Microsoft Security | Microsoft Authenticator

Microsoft 365 and Office | Subscription, account, billing | For business | Windows

3 answers

  1. Huy-K 11,755 Reputation points Microsoft External Staff Moderator
    2026-05-05T00:01:31.59+00:00

    Dear @Richard Gonzalez,

    Since you are the only Global Administrator of your tenant:

    Option 1: You may need to contact the Data Protection Team at the service phone number via this link: Customer service phone numbers - Microsoft Support.

    The main objective is to go through the IVR (automated system) until you reach a live agent and emphasize this very important security factor. Please help me try this script below, this is a commonly used script for authentication issues to bypass IVR, but you can try to see if it helps get through the system. Please help me to speak loudly, only keywords, clearly and patiently waiting for the machine's response. First, when you call the hotline, they will ask you what kind of problem you are facing.

    Answer: Authenticator.
    A: What products do you use?
    B: Office 365 for business.
    Verification: Education or corporate account?
    B: For companies
    A: Are you an administrator?
    B: Yes.
    A: Are there other administrators in your organization?
    B: No.
    A: I need one.... Service request?
    B: Yes
    

    When you speak with a real agent, they can create a ticket for you in the affected tenant and then transfer that ticket to the Data Protection team. Please provide detailed information to the Data Protection team to prove your account's ownership.

    Option 2: Create a new tenant with trial subscription to access and submit a ticket in the Admin Center.

    If you still can't get in touch with a real person for help, help me try the following:

    Sign up for a free trial (new tenant with trial subscription) of Microsoft 365 at this link: Compare All Microsoft 365 Plans | Microsoft. The goal is to create a temporary tenant with a Global Administrator account so that you can sign in to the Microsoft Admin Center. Once connected, you can submit a support ticket directly to Microsoft. Please remember to cancel the trial subscription once your issue is resolved to avoid unwanted charges.

    How to submit support ticket in Admin Center: Get support - Microsoft 365 Admin | Microsoft Learn

    Once you contact the Data Protection team, you will be required to provide proof of ownership of the company. This allows them to verify their identity and help reassign the Global Administrator account.

    After regaining access, you can revoke the MFA for the remaining user. Here are the steps:

    Go to Microsoft Entra admin center > Users > All users > Select the affected user.

    In the panel, choose Revoke sessions > Yes


    As a moderator, I do not have the tools to investigate your specific account directly, as this is a support forum between users. Moderators and collaborators, including external Microsoft employees, may not directly intervene in the functionality of Microsoft products or access internal systems. Our role is limited to providing technical guidance on reported problems, requests, or ideas. However, I will do my best to guide you as clearly as possible.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. kagiyama yutaka 1,830 Reputation points
    2026-05-04T23:54:04.8333333+00:00

    I think this is a tenant-root strong-auth lock, and the only thing you can still try is nudging “can’t use my authenticator” on the Microsoft sign-in page — when the fallback won’t surface at all, the unlock has to be done by MS.


  3. Q&A Assist
    2026-05-04T17:38:03.3333333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    For this scenario, self-service recovery isn’t possible because:

    • Microsoft Authenticator is the only configured MFA method.
    • There are no working alternative methods (no SMS, no call).
    • Both users in the tenant are affected, so no other admin can reset MFA from the portal.

    To regain access, involve Microsoft support and the Data Protection team so they can verify identity and reset the authentication methods for the tenant admin account(s).

    Follow this approach:

    1. If there is any other Global Admin (even a hidden/secondary one)
      • Sign in to the Microsoft Entra admin center as that admin.
      • Go to Users → All users → select user hectorportugal → Authentication methods.
      • Use Require re-register multifactor authentication so the user is forced to set up MFA again on next sign-in.
      • Repeat for the second affected user if needed.
      Reference steps: “Require re-register multifactor authentication” in the user/device settings for MFA.
    2. If both affected users are the only admins (tenant lockout)
      • This is a tenant lockout case; only Microsoft support/Data Protection can help.
      • Call Microsoft Customer service phone numbers - Microsoft Support and clearly state:
        • Locked out of a Microsoft 365 for business / Microsoft Entra tenant due to MFA.
        • Microsoft Authenticator is the only method and cannot be used (no codes, no notifications).
        • There is no other global admin in the tenant who can reset MFA.
      • Ask the agent to open a ticket and escalate to the Data Protection team for an admin MFA reset / tenant admin recovery.
      • Be prepared to provide business and identity verification as requested by the Data Protection team.
    3. If phone support is hard to reach (fallback)
      • Create a temporary trial tenant (separate from the locked tenant) using a Microsoft 365 trial.
      • In that new tenant, go to the Microsoft 365 admin center → Support → Help & support and open a ticket.
      • In the ticket, explain that:
        • The support request is for a different existing tenant where user hectorportugal is an admin.
        • Both admins are locked out due to MFA with Microsoft Authenticator and no alternative methods.
        • You need the Data Protection team to reset MFA / restore access for that tenant.
    4. After Microsoft resets MFA
      • Sign in again when instructed.
      • Re-register MFA with Microsoft Authenticator and, if allowed by policy, add at least one backup method (phone call, SMS, or additional app) to avoid future lockouts.

    A direct MFA reset for hectorportugal can only be performed by:

    • Another global admin in the same tenant (via “Require re-register multifactor authentication”), or
    • Microsoft’s Data Protection team after identity verification, when no admin is available.
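
The lockout condition described in this thread (every admin depends on the Authenticator app alone) can be checked for before it happens. The following is an added example, not part of any answer above: it audits a constructed export shaped like Microsoft Graph `userRegistrationDetails` records. The sample users are invented, `isAdmin` there covers any admin role rather than only Global Administrator, and grouping the app-based methods as one factor is an assumption of this example.

```python
import json

# Method names as they appear in the methodsRegistered field of Microsoft Graph
# userRegistrationDetails. Treating all three as "one phone app" is this
# example's assumption: they normally live in the same Authenticator install.
APP_BOUND = {"microsoftAuthenticatorPush", "microsoftAuthenticatorPasswordless",
             "softwareOneTimePasscode"}

# Constructed sample export (not real tenant data): two admins, app-only MFA.
SAMPLE = json.loads("""[
  {"userPrincipalName": "admin1@contoso.example", "isAdmin": true,
   "methodsRegistered": ["microsoftAuthenticatorPush", "softwareOneTimePasscode"]},
  {"userPrincipalName": "admin2@contoso.example", "isAdmin": true,
   "methodsRegistered": ["microsoftAuthenticatorPush"]},
  {"userPrincipalName": "user1@contoso.example", "isAdmin": false,
   "methodsRegistered": ["mobilePhone"]}
]""")


def independent_factors(record):
    """Count recovery paths; every app-bound method collapses into one."""
    methods = set(record.get("methodsRegistered") or [])
    return len(methods - APP_BOUND) + (1 if methods & APP_BOUND else 0)


def audit(records):
    """Flag admins with exactly one independent method and tenant-wide risk."""
    admins = [r for r in records if r.get("isAdmin")]
    single = sorted(r["userPrincipalName"] for r in admins
                    if independent_factors(r) == 1)
    return {
        "admin_count": len(admins),
        "single_factor_admins": single,
        # True when every admin depends on a single factor, so losing the
        # devices leaves nobody in the tenant able to reset MFA.
        "tenant_lockout_risk": bool(admins) and len(single) == len(admins),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
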
