Locked out of Microsoft 365 admin account due to lost phone and MFA (Authenticator) – need reset

Hi @Subhasri,

Thank you for posting your question in the Microsoft Q&A forum.      

I’m very sorry to hear about your situation.Regarding that you’re unable to log in to your global admin account.   

If you don't have any other admin account in this situation, the Microsoft Data Protection team has tools and processes in place to verify identity and regain access to administrator accounts.    

Please note that forum moderators have no control over user accounts, especially when it comes to logging in to your account, resetting your password, changing your access, etc.    

Therefore, If you are the only administrator in your organization,  then you need to involve Microsoft data protection team. Please try to find the related hotline number to call the frontline let them raise a ticket for you: Customer service phone numbers - Microsoft Support 

*(Important Note: Depending on your country or region, when you call the support number, you may hear an introduction of about 30 seconds such as "you can visit the link...". You can ignore this introduction and wait until you are presented with the options. Then press "1" as a business email user, and again "1" for technical help.)     

In some countries, this is an automated conversation: First, when you call the hotline, they will ask you what kind of problem you are struggling with.    

Answer: Authenticator.    

A: What products do you use?    

B: Office 365 for business.    

Verification: Education or company account?    

B: For companies    

A: Are you an administrator?    

B: Yes.    

A: Are there any other administrators in your organization?    

B: No.    

A: I need one.... Service request?    

B: Yes    

If your organization's Office 365 Business/Education subscription is from a partner or reseller, and the global administrator is unable to open a service request on your end, contact the reseller's support provider to help open a service request on behalf of you instead.    

Alternatively, you can try set up a new trial tenant and submit your support request:   

1. Visit the Microsoft 365 Enterprise Plans page: Go to Compare Office 365 Enterprise Pricing and Plans | Microsoft 365.   
2. Choose a plan and start a free trial: Select any of the available plans and click "Try for free" to begin the trial setup process.   
3. Follow the guided setup: Complete the steps to create a new Microsoft account and a new tenant. This will be a separate and independent Microsoft 365 environment.   
4. Access the Microsoft 365 Admin Center: Once the new tenant is created, navigate to https://admin.microsoft.com/.   
5. Go to Support: In the left-hand navigation menu, click on "Support" and then "Help & support."   
6. Raise a support ticket: Describe your issue in detail. Crucially, you must clearly state that you are locked out of a different, pre-existing Microsoft 365 tenant where you are the administrator. Provide the following information about your locked account:    
   • Your administrator account email address for the locked tenant.   
   • The domain name of your locked tenant    
   • Any error messages you are receiving.   
   • Details about the authentication issues you are experiencing.   
   • Confirmation that you are the administrator of the locked tenant.   
7. Submit your ticket: Follow the prompts to submit your support request. You will likely receive a ticket number for tracking.   

When you open a support ticket, please make sure to turn off the Support Assistant (AI) in the help panel.  

Several customers have reported issues when the Support Assistant is turned on  the system sometimes fails to display the “Contact Support” option.  

As shown in the screenshot, simply switch Support Assistant → Off, then type your issue description.  Once the AI is off, the “Contact Support” button will appear normally, allowing you to submit a ticket directly.  

Important notes:    

• This new trial tenant will not give you access to any of the data or settings in your original locked tenant. It is solely a temporary means to contact Microsoft support.   
• Be prepared for Microsoft support to ask for verification of your identity and administrative rights for the locked tenant.   
• The resolution time might be longer as you are contacting support from a different tenant.   
• Remember to cancel the trial subscription for the new tenant once your issue with the original account is resolved to avoid any unintended charges. You can typically do this within the Microsoft 365 Admin Center under "Billing" -> "Your products."   

I hope these steps will help resolve your issue. If you need further assistance, we are always here to help.     

Thank you again for your time and understanding. While my initial response may not resolve the issue immediately, I’d like to gather more details about your situation so I can assist you more effectively.    

I really appreciate your patience, and I’m here to help. Looking forward to your response.   

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

Because the account is protected by MFA and there is only one administrator on the tenant, recovery depends on whether another admin can reset MFA for the account. In this scenario, there is no second admin, so the only supported path is escalation to Microsoft Support (Data Protection team) to verify ownership and reset the authentication methods.

Use the following approach:

1. Confirm there is truly no other Global Admin
   If there is any other Global Administrator in the tenant (even a break-glass account), that admin can:
   • Sign in to the Azure portal → Microsoft Entra ID → Users → select the locked-out admin account.
   • Go to Authentication methods and select Require re-register multifactor authentication.
   • After this, sign-in will prompt to set up MFA again on a new device.
     This is the standard resolution when another global admin exists.
2. If this is the only Global Admin (your case)
   When there is no other admin who can reset MFA, Microsoft’s Data Protection / Tenant Recovery process must be used. Forum moderators and normal support agents cannot bypass MFA or change account details directly. Follow the pattern used in similar locked-out-admin cases:
   • Contact Microsoft Support by phone (preferred)
     Call the Microsoft global customer service number for the region (see “Customer service phone numbers - Microsoft Support” in the referenced answers).
     When interacting with the IVR/agent, clearly state:
     • The product: Office 365 for business / Microsoft 365 for business.
     • The issue: Locked out of the only Global Administrator account due to lost phone / Microsoft Authenticator; need Data Protection / Tenant Recovery to reset MFA.
     • Confirm there is no other administrator in the organization who can reset MFA.
     Use a script similar to what is recommended in the context:
     • Problem type: “Authenticator” or “Multi-factor authentication lockout”.
     • Product: “Office 365 for business”.
     • Account type: “Company account”.
     • Are you an administrator?: “Yes”.
     • Any other administrators?: “No”.
     • Request: “I need to create a service request and be routed to the Data Protection team to regain access to my tenant and reset MFA.”
   • Be prepared for verification
     The Data Protection team will use internal tools and procedures to verify identity and ownership of the tenant (for example, business details, domain information, billing details). Once verified, they can help restore access and reset MFA registration for the admin account.
3. Alternative escalation path if phone support is difficult
   If reaching a live agent is problematic, a documented workaround is:
   • Sign up for a new trial Microsoft 365 tenant (for example, via a Microsoft 365 Business or Enterprise trial).
   • In that new tenant, go to the Microsoft 365 admin center → Support → Help & support and open a support ticket.
   • In the ticket, clearly state that:
     • The ticket is about a different, existing tenant used for testing.
     • The admin account on that original tenant is locked out due to MFA on a lost phone.
     • It is the only Global Administrator on that tenant.
     • Request to be connected to the Data Protection team to verify ownership and reset MFA for the original tenant.
   • This temporary tenant is only a channel to reach support; it does not grant access to data in the locked tenant. Remember to cancel the trial later to avoid charges.
4. What cannot be done
   • Support agents and community moderators cannot send verification codes, bypass MFA, or directly modify security settings for the account without going through the Data Protection process.
   • If MFA is enabled and no alternate methods are accessible, self-service recovery is not possible; only the verified Data Protection workflow can restore access.

Once Data Protection completes verification and resets MFA, sign in again with username and password, then register new MFA methods (Authenticator on the new phone, plus at least one backup method such as SMS or phone call) to avoid future lockouts.

References:

• Can't use Azure Multi-Factor Authentication to sign in to cloud services after you lose your phone or the phone number changes
• You don't receive a text or voice call that contains the verification code for Microsoft Entra multifactor authentication
• Common problems with two-step verification for a work or school account
• Use a screen reader to set up and troubleshoot multifactor authentication
• Help with the Microsoft account recovery form
• About administrator roles in the Microsoft 365 admin center
• Global Admin Locked out - Microsoft Q&A
• Requesting a Tenant Admin MFA Reset - Microsoft Q&A
• I need to reset my mfa methods - Microsoft Q&A
• I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
• Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A