Share via

I am the admin, I switched iPhone and transferred authenticator, now not getting request approval or codes.

Abhishek Desai 0 Reputation points
2026-03-23T09:55:13.56+00:00

3 months ago I switched iPhones and cloned my iPhone using in-built feature and after that have lost access to my admin account because the authenticator account is not getting any request approvals or verification code for the admin account but for some reason I still see my admin account in the authenticator but again no codes no request approvals and I am completely locked out.

Microsoft 365 and Office | Subscription, account, billing | For business | iOS
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Liora D 15,800 Reputation points Microsoft External Staff Moderator
    2026-03-23T10:43:37.9533333+00:00

    Dear @Abhishek Desai,

    I’m very sorry you’re running into this situation, I understand how disruptive it is to lose access to your admin account after switching phones.

    According to Microsoft’s official documentation on Microsoft Authenticator backup, what you’re seeing is expected behavior. When you back up or clone an iPhone, Microsoft Authenticator only restores the account name for work or school accounts. The backup does not include the MFA registration itself, such as push‑approval trust, verification keys, or the secure binding between your account and the device.

    image

    Because of this design, after restoring to a new iPhone the admin account can still appear in the Authenticator app but the device is no longer trusted to receive approval requests or generate codes. Which results in sign‑in loops and a complete lockout

    If your organization has another Global Administrator, that admin can sign in to the Microsoft 365 admin center and reset MFA for your admin account, reconfigure Microsoft Authenticator on your phone.

    Your administrator can follow the guidance in the following article: Manage authentication methods for Microsoft Entra multi-factor authentication

    User's image

    Please also note that this forum is a user-to-user support space. Forum moderators do not have access to user accounts and are unable to reset passwords, change authentication methods, or intervene in sign-in issues.

     

    Therefore, if you are the only administrator in your organization, then you need to involve Microsoft data protection team. Please try to find the related hotline number to call the frontline let them raise a ticket for you: Customer service phone numbers - Microsoft Support 

    In some countries, this is an automated conversation: First, when you call the hotline, they will ask you what kind of problem you are struggling with. 

    Answer: Authenticator. 

    A: What products do you use? 

    B: Office 365 for business. 

    Verification: Education or company account? 

    B: For companies 

    A: Are you an administrator? 

    B: Yes. 

    A: Are there any other administrators in your organization? 

    B: No. 

    A: I need one.... Service request? 

    B: Yes 

      If your organization's Office 365 Business/Education subscription is from a partner or reseller, and the global administrator is unable to open a service request on your end, contact the reseller's support provider to help open a service request on behalf of you instead. 

     

    If you still cannot reach to agent, there is still a workaround, you might consider registering for a new tenant by signing up for a trial subscription via this link Compare All Microsoft 365 Plans | Microsoft. This would allow you to create a new tenant following the provided prompts. Once set up, you can access the admin console of the new tenant and submit a support ticket requesting to speak with the Data Protection team on behalf of your previous tenant.  

    Please remember to cancel the trial subscription once your issue is resolved to avoid any unintended charges.  

    I understand that this entire process can feel long and complicated, and I truly appreciate your patience while working through it. These steps are in place to protect the security of your account, so I hope you can understand why they are required. I sincerely hope you’ll be able to regain access to your account soon. If you need help at any point, or if you have any questions during the process, please feel free to reach out, I’m always here and happy to assist.  

    Thank you again for your understanding and patience. 

    Warm regards, 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.   

    Was this answer helpful?

  2. AI answer

    2026-03-23T09:55:31.6366667+00:00

    Because the previous iPhone was cloned, the Microsoft Authenticator entry for the admin account is still visible but is no longer providing valid approvals or codes, leaving the tenant effectively locked when there is no other admin available to reset MFA.

    For a Microsoft 365 business tenant where the only global admin is locked out due to Authenticator and there are no working alternative MFA methods (SMS, email, etc.), the supported path is to involve Microsoft’s Data Protection team via a support request. Forum moderators and normal support channels cannot directly reset admin MFA without that process.

    Use these steps:

    1. Contact Microsoft support by phone and request Data Protection
      • Call the appropriate number from the “Customer service phone numbers - Microsoft Support” page.
      • When the IVR asks what the problem is, answer along these lines (as shown in the referenced guidance):
        • Problem: “Authenticator”
        • Product: “Office 365 for business”
        • Account type: “For companies”
        • Are you an administrator?: “Yes”
        • Any other administrators?: “No”
        • Request: “Yes, I need to create a ticket and speak with the Data Protection team to reset my admin MFA.”
      • Clearly state that this is a tenant lockout and that the only global admin has lost access to Microsoft Authenticator and cannot complete MFA.
    2. If phone support cannot be reached, create a temporary trial tenant to open a ticket
      • Sign up for a new Microsoft 365 trial tenant using the “Microsoft 365 Business Plans and Pricing | Microsoft 365” page.
      • After the trial tenant is created, go to the Microsoft 365 admin center for that new tenant and open a support ticket.
      • In the ticket, explain that the ticket is about a different, existing tenant where the only global admin is locked out due to MFA (Authenticator on a replaced iPhone). Provide:
        • The admin email address of the locked tenant.
        • The tenant domain name.
        • Error/behavior details (no approval prompts or codes in Authenticator after phone switch).
        • Confirmation that this account is the only global admin.
      • Ask explicitly for the case to be routed to the Data Protection team to reset MFA for the locked admin account.
    3. Work with the Data Protection engineer
      • Be prepared to verify identity and ownership of the tenant (business details, contact info, etc.).
      • Once verified, the Data Protection team can reset MFA on the admin account so that new authentication methods (including a fresh Authenticator registration on the new iPhone and an additional backup method such as SMS) can be configured.

    After access is restored, add at least one extra MFA method (e.g., phone or another app/device) and, if possible, another global admin account to avoid future lockouts.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.