![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 63%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBE%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Because the old phone was factory reset before Microsoft Authenticator could be used to restore or re‑register that account, the existing MFA setup is still tied to the old device and cannot be satisfied by the iPad app.
To regain access, one of the following is required (depending on the type of account and who administers it):
- If this is a work or school (Microsoft 365/Entra ID) account and there is another admin
- A global admin in the tenant must reset or require re‑registration of MFA for the affected user so new methods (including the Authenticator on the new phone) can be configured again. This is the standard resolution when a user loses access to the Authenticator app.
- If this is a work or school account and there is only one admin (you)
- This is a tenant lockout scenario. The Microsoft Data Protection team must be engaged via a support ticket to verify identity and reset MFA on the account. Forum moderators and normal users cannot do this.
- Contact Microsoft support by phone (frontline support) and clearly state that you are locked out of the only global admin account because of Microsoft Authenticator on a replaced phone. The frontline agent will create a service request and route it to the Data Protection team, who can reset MFA and restore access.
- If SMS or email are configured but failing
- Similar lockout cases (for example, SMS blocked or alternative email flow not working) have been resolved only after Microsoft support/Data Protection reset MFA or cleared the problematic factor. If all configured methods fail, self‑service recovery is not possible and support involvement is required.
- For future device changes
- Before switching phones, ensure backup/restore is working for Authenticator (for example, iCloud backup on iOS) and that the app is opened at least once on the old device so the backup is current.
- After getting a new phone, install Authenticator, restore from backup if available, then sign in to the account’s security/MFA page and confirm or re‑add methods on the new device before wiping the old one.
In the current state (old phone wiped, Authenticator on iPad not accepted, and no working alternative MFA method), recovery requires contacting Microsoft support so the Data Protection team or tenant admins can reset MFA for that account.
References:
- Troubleshoot problems with Microsoft Authenticator
- Use a screen reader to set up and troubleshoot multifactor authentication
- I don’t see my backup restored on my new iOS device. How can I troubleshoot?
- Microsoft Authenticator FAQs
- I have a Micrsoft business account and I am the admin and the only user registered under this account. I can't log in because i have replaced my phone and the authenticator doesn't work. - Microsoft Q&A
- I need to reset my mfa methods - Microsoft Q&A
- Severity A Situation - Locked out of global admin account (MFA) - business down - Microsoft Q&A
- Azure has blocked myphone number for SMS verification due to a “bad reputation” flag - Microsoft Q&A
- Cannot authenticate with E-mail when logging into Microsoft Authenticator(iOS). - Microsoft Q&A