Problem with the Authenicator app

Because the old phone with Microsoft Authenticator is broken and cannot be used to approve the sign-in, the account must be verified or MFA reset using an alternative method or by an administrator/Microsoft support.

Use these options depending on the type of account and what is still accessible:

1. If this is a work or school (Microsoft 365/Entra) account and there is an admin
   • Contact the organization’s Microsoft 365/Entra administrator.
   • The admin can go to Microsoft Entra admin center → Users → All users → select the user → Authentication methods → choose the option to require re‑register multifactor authentication. After that, the next sign‑in will prompt to set up Authenticator again on the new phone.
   • This avoids the loop where Authenticator is required to add Authenticator.
2. If this is a work or school account and there is no other admin (you are the only admin)
   • This is a locked‑out admin scenario. The Microsoft Data Protection team must reset MFA after verifying identity.
   • Call Microsoft support using the regional number from the Customer service phone numbers page and ask to open a ticket with the Data Protection team for an admin locked out by Authenticator.
   • When the automated system or agent asks, clearly state:
     • The problem is with “Authenticator”
     • The product is “Office 365 for business” / company account
     • You are the only administrator and cannot pass MFA because the phone is broken
   • If direct phone support is hard to reach, create a temporary trial Microsoft 365 tenant, sign in as admin there, and from that new tenant’s admin center open a support ticket explaining that access is needed to reset MFA on the original tenant. This trial tenant is only for contacting support; it does not give access to the original data.
3. If this is a personal Microsoft account and another sign‑in method exists
   • On the sign‑in screen, choose “I don’t have access to my Microsoft Authenticator app” or similar, then select another verification method (SMS, email, etc.) if it is configured and working.
   • If SMS or email verification fails with service errors, wait and retry, or follow the guidance in the verification‑code troubleshooting article referenced in the Authenticator FAQ.
4. If no alternative method works and there is still some access to the account (for example, logged in on a PC browser)
   • Temporarily disable or change MFA methods from the account’s security settings while still signed in, then set up the new phone:
     • Turn off or adjust 2FA/MFA on the security page.
     • Install Microsoft Authenticator on the new phone.
     • Re‑enable MFA and add the new Authenticator registration.
5. If completely locked out (no old phone, no alternative method, no admin, and cannot reach support through normal path)
   • For business/tenant admins, the only supported path is via Microsoft support/Data Protection as described above.

Until the old device is removed or MFA is reset, sign‑in will continue to request approval on the previous Authenticator instance, so resolving this requires either an admin reset or Microsoft’s Data Protection process.

References:

• Troubleshoot problems with Microsoft Authenticator
• Microsoft Authenticator FAQs
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A