Can't access my test AAD tenant because of MS Authenticator APP

Michał Laskowski 6 Reputation points
2021-07-09T13:54:43.32+00:00

Hello All,

A few days ago I switched my mobile from Android to iOS. The old phone was restored to default.
Since then, I have lost access to my test AAD tenant because I get a prompt to confirm my identity. There I can only confirm from my MS app. But I don't have any accounts there:
[Screenshot: sign-in to Microsoft Azure]

I've also tried to add the app on a different Android device, but with no luck.

What can I do in this situation?


2 answers

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2021-07-09T15:08:40.64+00:00

    Hello @Michał Laskowski,

    I am sorry that you have faced this situation. Did you have backup set up to your Microsoft account on your old Android phone? Android to iOS backup and restore is not possible due to design and restrictions by the OS vendors (Google & Apple). The troubleshooting section describes your scenario. Your backup is stored in the iCloud for iOS and in Microsoft's cloud storage provider for Android. On Android a personal Microsoft account can be used and on iOS an iCloud account is needed.

    " Changing operating systems: Your backup is stored in the iCloud for iOS and in Microsoft's cloud storage provider for Android. This means that your backup is unavailable if you switch between Android and iOS devices. If you make the switch, you must manually recreate your accounts within the Microsoft Authenticator app. "

    First I will explain the Android part. The linked article above shows the backup and restore procedures. The Android phone backup option looks like below.

    [Screenshot: backup and recovery, turn on (Android)]

    If you have reset the old phone to default then probably the accounts data is already gone and there is no way to recover it from old phone. However if backup was enabled then the data might still be present on your Google account side.

    You need to set up the same Microsoft account on your Android phone first and then try to install the Authenticator app.
    Now try to use the begin restore option. You must be very cognizant about using the correct sequence, because if you select add account and add it, the old data on your online backup will be erased as the device will sync again and send any existing accounts to the Google backup.
    [Screenshot: backup and recovery, begin recovery]

    There are generally 4 ways of MFA that anyone can set. Do you remember which one you had set up? If you had set up multiple ways of logging in, you should be able to change it using your admin Azure AD account. This will work if you have a second admin account in your test tenant, or if you had set up a second method. The screenshot you shared seems to have only MS Authenticator app related options, so it may not work for you. But if you have a second global admin account in your Azure AD tenant, you can use that to recover this.

    Another way is to set up a one-time bypass for this user if you have access to the Azure AD test tenant. You can use your second Global Administrator to configure One-time bypass for your account using the below option:

    Azure Portal > Azure Active Directory > Security > Multi-Factor Authentication > One-time bypass.
    Once this is done, you will be able to log in to https://aka.ms/mfasetup using your username and password and change the MFA method.

    If none of the above work for you then you may need to engage Microsoft support. If you have a support plan with your dev/test account, please open a new ticket for the same. If you do not have any such plan, you can use the global support numbers to engage with support directly. Since this is a matter of account security and privacy and it's impossible to verify all the details over a forum considering privacy compliance, you may have to call the global support as per your region and work with them to get this solved.

    Hope this helps you resolve your issue. If the information provided is helpful, please do accept it as answer. Should you have any issue with engaging support, do reply and we will help you further on this.

    Thank you.


  2. Simon Burbery 546 Reputation points
    2022-02-19T04:59:05.627+00:00

    I think there are failings on MS's part here... I used to set up push notifications as my primary method seeing as it is so easy, but when I recovered my account on a new phone, all of the push accounts I created said "Action Required" and told me I had to scan the QR code to reactivate the prompts! Who takes a screenshot of all the QR codes they use, potentially (in my case) across 15 or so accounts? All the accounts set up with a code came back without issue, so that's how I configure it all the time now to be on the safe side.

    If there is going to be "Action Required" after recovery, you must force the setup of at least the text method as well, so the user can get back into their account to rescan the QR code. If a user has to contact IT to reset MFA after 'recovering' the app, it hasn't really been 'recovered', has it?

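
The lockout both answers describe can be spotted before a phone is replaced. The following is an added example, not code from this thread or from Microsoft: it classifies each user's registered authentication methods and reports, for every push-only account, whether a second Global Administrator exists to reset it. The `@odata.type` values are Microsoft Graph's authentication-method resource types; the record layout (`upn`, `is_global_admin`, `methods`) and the sample users are assumptions constructed for illustration.

```python
# Graph authentication-method resource types (values of "@odata.type").
PUSH = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod"
FALLBACKS = {
    "#microsoft.graph.phoneAuthenticationMethod",         # SMS or voice call
    # Assumption: counted as a fallback because the second answer reports
    # that code-based accounts came back after app recovery.
    "#microsoft.graph.softwareOathAuthenticationMethod",  # TOTP code
    "#microsoft.graph.fido2AuthenticationMethod",         # security key
}

def m(kind):
    """Build one method record shaped like a Graph response item."""
    return {"@odata.type": "#microsoft.graph." + kind + "AuthenticationMethod"}

# Constructed sample (hypothetical export, one record per user).
SAMPLE_USERS = [
    {"upn": "admin@contoso.example", "is_global_admin": True,
     "methods": [m("password"), m("microsoftAuthenticator")]},
    {"upn": "dev@contoso.example", "is_global_admin": False,
     "methods": [m("password"), m("microsoftAuthenticator"), m("phone")]},
    {"upn": "build@contoso.example", "is_global_admin": False,
     "methods": [m("password")]},
]

def classify(methods):
    """Return 'has_fallback', 'push_only' or 'no_mfa' for one user."""
    types = {x.get("@odata.type") for x in methods}
    if types & FALLBACKS:
        return "has_fallback"
    if PUSH in types:
        return "push_only"  # a reset or replaced phone locks this user out
    return "no_mfa"         # password only, or nothing registered

def audit(users):
    """Return (status per UPN, recovery path for each push-only user)."""
    status = {u["upn"]: classify(u["methods"]) for u in users}
    admins = {u["upn"] for u in users if u["is_global_admin"]}
    findings = {}
    for upn, state in status.items():
        if state == "push_only":
            # The in-tenant fix needs a Global Administrator other than the user.
            others = admins - {upn}
            findings[upn] = ("second_admin_can_reset" if others
                             else "support_ticket_only")
    return status, findings

if __name__ == "__main__":
    status, findings = audit(SAMPLE_USERS)
    for upn, state in status.items():
        print(upn, state, findings.get(upn, ""))
```
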