Share via

MCT Azure Portal Lockout - MFA Code Mismatch & No Push Notification?

M Hadis Khan 0 Reputation points
2026-03-23T00:47:32.8766667+00:00

I am an active Microsoft Certified Trainer (MCT). I am currently locked out of portal.azure.com due to a synchronization error with the Microsoft Authenticator app i guess.

Access Status: I can log into Outlook and other services, but the Azure Management API is failing. I am the only administrator for this benefit tenant.

Push Notification Failure: When attempting to log into portal.azure.com, the "Approve a request" notification never arrives on my mobile device.

Code Mismatch: When I select "Use a verification code" as an alternative, the portal provides a 6-digit entry field. However, my Microsoft Authenticator app only generates 8-digit codes for this account.

Device Status: I am using the latest iOS on my iPhone and the Microsoft Authenticator app is fully updated.

Admin Status: I am the only Administrator of this Azure account/tenant and have no other way to access the portal to reset my own security settings.

Need your assistance. Thank you.

Microsoft Security | Microsoft Authenticator
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. M Hadis Khan 0 Reputation points
    2026-04-07T18:32:08.6233333+00:00

    Updating this thread as I am still unable to access my MCT benefit tenant. As the sole Global Admin, I am completely blocked from managing my resources. Is there a way to escalate this to the Data Protection Team for a manual MFA reset?

    0 comments
  2. Q&A Assist
    2026-03-23T00:47:47.15+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The symptoms indicate an MFA problem where the only registered method (Microsoft Authenticator) is not working and there is no alternative verification method or additional admin to reset it. In this situation, self-service recovery is not possible and the tenant must be recovered by Microsoft support.

    Based on similar cases:

    1. When another global admin exists, that admin can fix this by:
      • Signing in to the Azure portal → Microsoft Entra ID → Users → select the affected user → Authentication methodsRequire re-register multifactor authentication.
      • After this, the next sign-in prompts a fresh MFA registration.
    2. When there is no other global admin (your case):
      • This is treated as a tenant lockout / Data Protection scenario.
      • Microsoft support (Data Protection / Tenant Recovery team) must verify tenant ownership and then reset MFA or restore access.
    3. For similar lockout situations (lost phone, bad phone reputation, only one global admin), resolution was achieved only after:
      • Opening a support ticket and having the Data Protection team reset MFA or restore access to the tenant.

    Action path for this scenario:

    1. From any Microsoft 365/Azure-related support entry point where sign-in is still possible (for example, using the same account in Outlook or other services), initiate a support request describing:
      • Global admin locked out of Azure portal.
      • Only admin on the tenant.
      • Microsoft Authenticator push not arriving and code mismatch.
      • No alternative MFA methods configured.
    2. In the support request, explicitly ask for escalation to Data Protection / Tenant Recovery to:
      • Verify ownership of the tenant.
      • Reset MFA registration for the global admin account.
    3. After Data Protection resets MFA:
      • Sign in again; the account will be prompted to re-register MFA.
      • Configure multiple methods (e.g., Microsoft Authenticator plus phone/SMS) and, if possible, add a second global admin to avoid future lockouts.

    There is no supported way to bypass or reset MFA from the portal when the only global admin is locked out and no alternative methods exist; Microsoft support must intervene.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.