question

NandhiniVelu-5229 avatar image
0 Votes"
NandhiniVelu-5229 asked XinMa commented

Sole admin of tenant, have lost access to the authenticator app and unable to login azure portal


I created one tenant in azure account and using that for my work. I am the sole admin of that tenant. The only 2FA options I have to log in are via the authenticator app, which I now can't do. Even i am not able to change tenant for the subscription. Please help me to resolve this issue.

azure-active-directorymicrosoft-authenticatorazure-ad-authenticationazure-ad-passwordless-authentication
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

learn2skills avatar image
0 Votes"
learn2skills answered AytacKirmizi edited

Hi @NandhiniVelu-5229

Refer the below URL, if this helps your request.

Change your two-factor verification method and settings

To setup QR verification on the mobile, follow the below steps


  1. Sign in to https://myapps.microsoft.com using your azure ID.

  2. Select your account name in the top right, then select profile

  3. Select additional security verification
    85186-image.png


  4. Add a new account to the Microsoft authenticator app – follow steps from the below URL
    https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-manage-settings


If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I created tenant other than default one. So dont able to switch to that directory. If I do it is directly going to 2fa authentication page.

0 Votes 0 ·

Did you able to fix this? I am having same problem.

0 Votes 0 ·

Hi, I have the same problem. Is there any easy fix, or did we involve the MS Support? I don´t need my "faulty" tenant anymore, but I can´t leave the roganization neither I am able to delete that tenant.To be able, to delete the tenant is also an option for me, but I am not able to do that on the UI, is there maybe a way through Azure CLI. I have a MS MPN Subscription, which is assigned to me through my company. I have created a new AAD Tenant for test some scenarios. I activated mfa through the Authenticator app. In the meanwhile I have changed my phone, did an export of my Authernticator profiles and imported them after setting up my new phone. Unfortunatly not all profiles could be exported successfully... The other tenants were from customers, so I have contacted them and they could reset my MFA settings. But for my tenant I am the only admin and user ... and I am not able to access this ressoruce as an admin anymore.

0 Votes 0 ·
amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered

Hi @NandhiniVelu-5229 · Welcome to QnA platform and thank you for reaching out.

The recommendation is to always keep break-glass admin account, by excluding one or more global admins so that you can revert the settings. However, if you forgot to keep a breakglass account, the only option is to open a support ticket to get Microsoft Data Protection team engaged for this issue. If you are unable to sign into your tenant, you can use any other tenant or signup for a new one to open a support ticket.

After providing required information and evidence to prove the company ownership on the subscription, they can help you with providing admin access to your tenant.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hyaman avatar image
0 Votes"
hyaman answered XinMa commented

We have been facing the same issue for the last five days; the support doesn't understand how critical this issue is. As a result, we are unable to access our DevOps, Emails, Azure subscription. More strangely, the MFA has never been set up on our subscription.

Now I'm spending my time trying to convince MS support how critical the situation is :(.

I appreciate any help you can provide.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

have got any Feedback from MS

0 Votes 0 ·
XinMa avatar image
0 Votes"
XinMa answered

We have the same problem, which is quite frustrating.

i created a B2C domain on side of our Azure active directory for testing. at this B2C domain i am the only admin and user , also domain is with MFA active. By switching Phone i lost Authedicator App. Now i cannot log in to this Domain. it's OK. but I can log in to the my Azure active directory no problem at all.

But huge problem is at on Visual Studio, when i want to connect a service from Azure, always ask me the MFA by logging, but i do not have any MFA on my orginal Azure Active Directory, always link to the B2C domain MFA, very frustrating.

I do not need to logging with B2C domain, any Suggestion instead of Ticket!?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.