Share via

Lost MFA device - locked out of Authenticator App on new device

Student One 0 Reputation points
2026-05-20T09:55:41.27+00:00
  1. I lost the MFA device
  2. I am the only Global Admin
  3. It is a Microsoft 365 Developer tenant
  4. You cannot access support because MFA is enforced
  5. You require MFA reset or tenant recovery guidance
Microsoft 365 and Office | Development | Microsoft 365 Developer Program
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michelle-N 16,635 Reputation points Microsoft External Staff Moderator
    2026-05-20T10:37:56.2866667+00:00

    We're not Microsoft support, this is a user-to-user support forum. Moderators have no backend access and cannot directly intervene in Microsoft products. We provide only technical guidance and best-practice recommendations based on reported issues

    Hi @Student One

    Based on the information provided, I understand that you are completely locked out of your Microsoft 365 Developer Program tenant. You are the sole Global Admin, your Multi-Factor Authentication (MFA) device has been lost, and you did not configure a backup. Because MFA is strictly enforced, you cannot log in to open a standard support ticket, and you need specific guidance on how to trigger an MFA reset or initiate tenant recovery for a developer account.

    In this case, there are two official paths you can take to regain access to the tenant:

    1.Please visit the following page and reach out to phone number via: Customer service phone numbers - Microsoft Support

    From what I know, you will need to get past the initial AI system to reach the live support team. You can refer to the guide below for tips on how to get through more easily:User's image

    2.If method 1 is not working, please follow this link to create a trial tenant: https://www.microsoft.com/en-us/microsoft-365/business/microsoft-365-business-basic?msockid=3eb6980b5c6860e63a588d0c5d1761d6 - after that you will be able to access to Microsoft 365 Admin Center to raise the ticket

    Assuming that you have already created an account after registering a free trial and you can go to Microsoft 365 admin center and click "Help & support" icon to raise your ticket. The agent will be able to create a ticket for you under the affected tenant and then transfer this ticket to Data Protection team who could help you to regain access.     User's image User's image

    Please mention that you are raising ticket on behalf of the affected tenant that you do not have access to. The support team will help you to create ticket on the affected tenant then later on the Microsoft Data Protection team will assist you.

    Note: This process will take more time than usual (7-14 working days) for your account to get access again as Data Protection is always overwhelmed with the number of tickets. As I am forum moderator, I do not have access to Microsoft internal system to assist or push this process to be quicker.

    On the other hand, if you do create the trial and it resolves the issue, please remember to cancel the subscription afterward to avoid any related charges. 

    I hope my information is helpful. Please give me any updates once you get this resolved.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-05-20T09:55:55.7666667+00:00

    Because the only Global Administrator is locked out by MFA and cannot access the portal or open a support ticket, this is a tenant lockout scenario that requires Microsoft support intervention (Data Protection / Tenant Recovery).

    Use these steps, in order:

    1. Confirm there is truly no other admin
      • Verify there are no other Global Administrators or admins with roles that can reset MFA (for example, Privileged Authentication Administrator). If any exist, that admin can sign in and reset MFA for the locked-out account by using the documented “Require re-register multifactor authentication” flow.
    2. If there is another admin with the right role
      • That admin should:
        1. Sign in to the Microsoft Entra admin center.
        2. Go to Users → select the locked-out Global Admin account.
        3. Open Authentication methods.
        4. Select Require re-register multifactor authentication.
      • After this, the next sign-in for the locked-out account will prompt for MFA registration again on the new device.
    3. If there is no other admin (only one Global Admin on the tenant)
      • This matches the scenarios described where the only Global Admin has lost the MFA device and cannot complete sign-in.
      • In this case, MFA reset cannot be performed from within the tenant and must be handled by Microsoft’s Data Protection / Tenant Recovery team via a support request.
    4. Contact Microsoft Support (Data Protection / Tenant Recovery)
      • Call Microsoft’s global customer service/support phone for business and clearly state:
        • The issue is a tenant lockout.
        • It is a Microsoft 365 (commercial) / developer tenant.
        • There is only one Global Administrator, who is locked out due to lost MFA device / Authenticator.
        • A reset of MFA / security info for the Global Admin or tenant recovery is required.
      • When interacting with the automated system, explicitly request to create a service request and to be routed to the Data Protection team for tenant recovery and MFA reset, as described in the referenced guidance.
      • Be prepared to provide proof of ownership and tenant details as requested by the Data Protection team.
    5. If phone support is hard to reach
      • As an alternative (used in similar cases), create a temporary new tenant (for example, via a trial subscription) only for the purpose of accessing an admin portal and opening a support ticket that requests Data Protection assistance for the locked-out original tenant. In that ticket, clearly state that the original tenant’s only Global Admin is locked out by MFA and needs MFA reset/tenant recovery.
    6. After recovery
      • Once access is restored, immediately:
        • Add at least one additional Global Administrator.
        • Configure multiple MFA methods (Authenticator, phone, etc.) for each admin.
        • Consider creating emergency “break-glass” accounts excluded from Conditional Access and with strong controls, to prevent future tenant lockouts.

    These steps align with documented tenant lockout and single-admin MFA lockout resolutions, where only Microsoft Support’s Data Protection team can reset MFA for the sole Global Admin when no other admin is available.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.