Share via

Locked out as sole Global Admin – lost Authenticator and no backup methods

Mohd Umair Ansari 35 Reputation points
2025-06-24T06:36:54.2966667+00:00

I am the only Global Administrator in my Azure AD / Microsoft Entra ID tenant (<PII removed>@removed.onmicrosoft.com).

I recently changed my phone and no longer have access to the Microsoft Authenticator app.

I did not set up any alternate phone number, backup email, recovery codes, or additional admin accounts.

When attempting to sign in, it loops endlessly asking for an authenticator code I can’t provide.

I cannot access any portal or service to open a support ticket.

What I've tried so far:

  • Signing in → “Use a different verification option” → “I don't have any of these,” which leads nowhere
  • Contacting support via bot and global phone numbers, but cannot create a case because I’m locked out .
    This appears to be a tenant lockout scenario (only admin lost MFA), where only Microsoft’s Data Protection / Identity Verification team can intervene .

Request:

Please advise on the official process to regain access. What steps are required to:

Engage Microsoft Data Protection or support when I have no portal access?

Provide required verification (tenant details, phone, email, invoices, DNS records, etc.)?

Once verified, have MFA reset or access restored, then re-register authenticator?

Thank you.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Accepted answer
  1. Sanoop M 4,330 Reputation points Moderator
    2025-06-30T02:05:58.4366667+00:00

    Hello Mohd Umair Ansari,

    The issue pertains to a tenant lockout scenario, where you are unable to log into the Azure Portal due to an incomplete MFA process and there are no other global admins in your affected tenant to revoke your current MFA sessions and then re-register MFA on your new mobile device. However, since you mentioned that you are the only Global Admin in your tenant, this qualifies as a tenant lockout scenario.

    To resolve this issue, we have engaged our Data Protection team through a support ticket. They will reach out to you via email or phone to help restore access to the tenant and assist you in resolving this issue.

    I have given the support ticket details over the Private Message for your reference.

    Once the issue has been resolved by our support team, please feel free to revisit here and kindly click "Accept Answer", and "Upvote it" as this will be helpful to other community members facing similar issues.

    1 person found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chetan91 25 Reputation points
    2025-08-17T11:33:31.34+00:00

    I am currently facing a critical issue with my Microsoft 365 Business tenant. I am the sole Global Administrator of the account and unfortunately I have lost access to the Microsoft Authenticator app that was configured for Multi-Factor Authentication (MFA).

    Here are the key details of my situation:

    I still know my admin email ID and password.

    During login, I am prompted for verification through the Microsoft Authenticator app, which I no longer have access to.

    There are no alternative MFA methods (SMS, call, backup codes, or secondary admin).

    I am the only Global Admin for this tenant, so I cannot reset my own MFA from another account.

    I am unable to raise a support ticket through the Admin Center due to this lockout.

    This has resulted in a complete lockout from my tenant and services, which directly impacts my business operations.

    I kindly request guidance on how to escalate this case to the Microsoft Data Protection Team for identity verification and MFA reset, as I understand this is the recommended approach for such scenarios.

    Could you please advise the correct next steps or connect me with the appropriate team?

    Thank you in advance for your support.

    0 comments
  2. VILLANUEVA Angelica 0 Reputation points
    2025-08-20T04:04:05.9966667+00:00

    Hello,

    I’m experiencing an issue related to my Visual Studio subscriptions and Azure access.

    I have two paid Visual Studio subscriptions under my organization. I activated the Monthly Azure Credits for Visual Studio Subscribers benefit for both. The first subscription is linked to my organization’s Microsoft Entra ID tenant, and everything works fine there.

    For the second subscription, I created a new tenant and moved the Azure subscription to it. I did this because my organization’s tenant has restricted permissions that prevent me from deploying certain Azure resources.

    I am the only Global Administrator in this second tenant. Unfortunately, I mistakenly deleted the MFA configuration for my user account in this tenant. As a result, I can no longer access the Azure portal for that tenant.

    To clarify:

    • I can still access the Azure portal for my organization’s tenant.
    • I cannot access the Azure portal for the second tenant due to the MFA issue.

    I would appreciate assistance with either:

    1. Resetting MFA for my user in the second tenant, or
    2. Moving the Azure subscription back to my organization’s tenant.

    Thank you for your support.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.