Locked out of Microsoft 365 admin account due to MFA – no authenticator set up

Hi @Maydelin Gil,

Good day, and I appreciate the detailed description of your issue.

As part of the community support team, my access is limited and I cannot make changes to administrator-level settings. For security reasons, only Microsoft’s specialized support team has the necessary tools and permissions to assist with account-level issues such as MFA resets or advanced troubleshooting.

Since you are the sole Global Administrator for the tenant, please follow the steps below to complete the account recovery process and regain access.

Option 1: Contact Microsoft Data Protection Support by phone (Primary Method)

(Please proceed with the second option if contacting phone support is not applicable to the situation)

To regain access to your admin account as you can't access the Admin Portal, you can try reaching out to our Global Customer Service phone to raise a request for resetting your authentication method here: Customer service phone numbers - Microsoft Support. During the call, request to speak to an agent, and share with them every detail related to your query and also mention that you are the only admin lost access to your account. This should allow you to contact the appropriate team so you can solve this incident as soon as possible.

Here are some tips and an example of a prompt to help you navigate the IVR more effectively:

(When you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.)

In some countries, it is an automated conversation like:

IVR: What kind of problem are you concerned about?

You: Authenticator.

IVR: What kind of product do you use?

You: Office 365 for business.

IVR confirmation: education or company account?

You: For companies

IVR: Are you an administrator?

You: Yes.

IVR: Do you have another administrator in your organization?

You: No.

You: Yes. I need to create a ticket. Please send me directly to the Data Protection Team.

Please note that forum moderators do not have access to user account settings and cannot assist with logging in, resetting passwords, or changing access rights. While we do not have access to internal systems or administrative tools required to resolve account-specific or backend-related issues but we’ll continue doing our best to support you within the scope of our responsibilities.

Option 2: Create a new tenant to submit a support ticket (Alternative method)

If you still cannot reach to a live agent, there is still a workaround, you might consider registering for a new tenant by signing up for a trial subscription via this link: Microsoft 365 Business Plans and Pricing | Microsoft 365. (please select "Try for free" under a business subscription and click Next).

When prompted, enter your email. You can use your personal email or create a new Microsoft personal account for this step.

Then select Set up account to move forward.

From this step, the system should guide you through creating your tenant and assign you a default onmicrosoft.com domain.

Once set up, you can access the admin console of the trial tenant using the onmicrosoft account and submit a support ticket requesting to speak with the Data Protection team on behalf of your previous tenant.

To create a support ticket: In the Microsoft 365 admin center > Help & Support.

In your ticket description, you'll need to clearly explain that you're trying to regain access to your previous Microsoft 365 tenant and need help from the Data Protection team. Here's a message you can use or adapt:

"Hello, I’m unable to access my previous Microsoft 365 tenant because and I'm the only admin.

I created this new tenant solely to request assistance. I kindly ask to be connected with the Data Protection team to verify my identity and help me recover access to the original tenant.

This is urgent, as I rely on Microsoft 365 for my work and have been unable to operate for several days. I’m available to provide any documentation or verification needed to support the recovery process."

It is important to note:

• Please remember to cancel turn off recurring billing for the trial subscription once your issue is resolved to avoid any unintended charges. You may prefer the following resource for detailed instructions: Cancel your Microsoft business subscription in the Microsoft 365 admin center | Microsoft Learn.
• During the initial setup of the trial tenant, please ensure MFA is configured and not skipped, as skipping this step may result in access issues or restricted recovery options later.

I hope this helps you regain access to your account quickly. I'm glad to assist and truly hope the information provided has been useful. Please feel free to reach out anytime if you need further assistance.

If you find my post useful, kindly consider upvoting it. Doing so can assist others in the community who may have similar questions in finding solutions more quickly.

Thank you for your kindness and contributions to the forum.

If the answer is helpful, please click "Accept Answer". If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in this documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

In this situation, self-service recovery is not possible because there is only one administrator and that account is blocked by MFA with no usable method. The tenant must be recovered by Microsoft Support (Data Protection team) after verifying ownership.

Use the following process:

1. Try any alternative verification method
   • If any other MFA method was ever configured (SMS, voice call, other app), use Other verification options on the sign-in screen and try those methods first.
   • If SMS/voice is configured but not working, verify that the phone numbers on the account are correct and ask another global admin to check or fix them if such an admin exists.
   • If there is no other admin and no working alternative method, continue with the steps below.
2. Confirm there is no other global admin
   • If another global administrator exists in the tenant, that admin can:
     1. Sign in to the Azure portal → Microsoft Entra ID.
     2. Go to Users → select the locked-out admin account.
     3. Open Authentication methods.
     4. Select Require re-register multifactor authentication.
     5. The next sign-in for that admin will prompt for fresh MFA setup, allowing Authenticator or another method to be registered again.
3. If this is truly the only admin: involve Microsoft Data Protection team
   • When there is only one global admin and that account is locked by MFA, Microsoft’s Data Protection / Tenant Recovery process must be used. Forum moderators and normal support channels cannot directly change the account.
   • Call Microsoft Support using the regional Customer service phone numbers listed in the documentation. This must be done by phone so identity and tenant ownership can be verified.
   • When calling, follow the automated prompts to reach business technical support and clearly state:
     • This is a Microsoft 365 for business / company account.
     • The caller is the only global administrator.
     • The admin account is locked out due to MFA and no authenticator or other MFA method is available.
     • A Data Protection / Tenant Recovery case is needed to reset MFA for the admin account.
   • In some regions the call flow is automated. Typical answers:
     • Product: “Office 365 for business” / “company account”.
     • Role: “Administrator”.
     • Other admins in organization: “No”.
     • Need a service request: “Yes”.
4. If phone support is hard to reach: optional trial-tenant workaround
   • If it is difficult to get through the hotline menus, a temporary Microsoft 365 trial tenant can be created only to open a support ticket:
     1. Sign up for a Microsoft 365 trial to create a new, separate tenant.
     2. Go to the Microsoft 365 Admin Center of the trial tenant and open Help & support.
     3. Create a support ticket explicitly stating that access is needed to a different existing tenant where the only global admin is locked out by MFA.
     4. Ask that the case be routed to the Data Protection team for tenant recovery / MFA reset on the original tenant.
   • After the original tenant is recovered, cancel the trial subscription to avoid charges.
5. What Microsoft will do
   • The Data Protection team will use internal tools and processes to:
     • Verify identity and ownership of the locked tenant (business documentation, domain, billing, etc.).
     • Reset or clear MFA registration for the locked admin account so that sign-in can succeed and MFA can be reconfigured.

Once access is restored, configure at least two independent MFA methods (for example, Microsoft Authenticator plus SMS/voice, or passkeys/certificate-based authentication) and consider adding a second global admin or a Privileged Authentication Administrator so future lockouts can be resolved internally.

References:

• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• About administrator roles in the Microsoft 365 admin center
• Mandatory multifactor authentication for Azure and admin portals
• Global Admin Locked out - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
• I cant log in to my business account because it is requiring Authenticator app which I do not have - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Microsoft authenticator sending me into a spiral - Microsoft Q&A