Urgent: Global Admin locked out due to MFA – unable to access Entra ID

Question

Urgent: Global Admin locked out due to MFA – unable to access Entra ID

imos04 0

Hello,

My phone was recently damaged and reset, which caused me to lose access to my Microsoft Outlook/Authenticator app. Because of this, I can no longer receive the MFA verification codes required to log in to Entra ID.

I am able to log in to Outlook and I still have an active session open in admin.microsoft.com, but MFA always tries to send verification only to the broken phone. When I try to switch to SMS verification, I get an error message and cannot proceed. This leaves me stuck in a never-ending loop.

I have already opened a support ticket through the admin portal, but so far my case has just been passed around between different teams, and I still don’t know if anyone is actually working to resolve it. This situation is very stressful because I am the only Global Admin on the tenant, and without access to Entra ID I cannot manage anything at all.

Right now, all I can do is wait indefinitely, which is not acceptable for such a critical issue. I understand that Microsoft support receives many requests, but an MFA reset for a locked-out Global Admin should not take longer than 48 hours to resolve.

Please escalate this issue urgently. I need my MFA reset as soon as possible so I can regain access to Entra ID.

Thank you,

2 answers

Your answer

Answer 1

Flora-T 7,385 Microsoft External Staff Moderator

Hi imos04

Thanks for reaching out to the Microsoft Q&A Forum and sharing your issue.

Based on your description, you're unable to access your Entra ID account due to an MFA issue with your damaged phone. Please understand that account recovery cannot be handled directly through this public forum for your privacy and security. As a forum moderator, I don't have access to Microsoft systems or user accounts, but I'm here to connect you with the right resources.

Since you are the sole administrator for your tenant, you will need to contact Microsoft's Data Protection team directly by phone: Customer service phone numbers - Microsoft Support. Be sure to have your tenant details and any existing support ticket numbers ready to expedite the process.

Reminder: To prevent similar issues in the future, I strongly recommend assigning at least two Global Administrators to your Microsoft 365 tenant. This ensures that if one admin is locked out or unavailable, the other can still manage and recover access to the account.

Create a trial business account: Go to Microsoft 365 Business Plans and Pricing and click Try for free to set up a temporary Microsoft 365 tenant with a trial license.
Use this new account to sign in to the Microsoft 365 Admin Center and submit a support request on behalf of your primary (locked) account. For further instructions, you can follow this guide: Get support - Microsoft 365 admin | Microsoft Learn

Please understand that the Data Protection team typically takes 7-10 working days to process such requests, so follow up as needed.

Note: This method doesn't require you to use your new account for your business. Instead, it allows you to create a temporary global administrator account so you can submit a support request, as your original global administrator account is locked out due to issues with multi-factor authentication. The trial account is free for one month. Be sure to delete it after submitting your support request to avoid any automatic renewals or charges from Microsoft.

Please understand that our initial response may not always resolve the issue immediately. However, with your further updates and more detailed information, we can work together to find a resolution.

I truly appreciate your patience and understanding.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

imos04 0 Reputation points

2025-10-01T10:49:28.2533333+00:00

I have already created a support ticket through admin.microsoft.com. Do I need to sign up for a business account to create another support ticket?
Flora-T 7,385 Reputation points Microsoft External Staff Moderator

2025-10-02T14:30:23.42+00:00

Hi imos04

Thanks for the prompt update.

At this time, you don't need to sign up for a separate business account to create another support ticket. Since you've already opened one through the Microsoft 365 Admin Center (admin.microsoft.com), I recommend continuing to follow up on that existing ticket for now and kindly allow a few more days for the support team to respond.

In the meantime, if you still have an active session open in the Microsoft 365 Admin Center, you may be able to manage your authentication methods by following the steps in this official Microsoft Learn article: Manage user authentication methods for Microsoft Entra multifactor authentication. This could allow you to reset or update your MFA options (e.g., adding SMS or a new Authenticator app) without needing full re-authentication.

Finally, since you're the only Global Admin on the tenant, I strongly recommend assigning at least one additional Global Administrator to your Microsoft 365 tenant as soon as you regain access. This will help prevent similar lockout scenarios in the future and ensure business continuity.

If my response is helpful to your issue, even in part, could you kindly mark the initial answer as Accepted? It helps strengthen the community by making this thread easier for others to find.

Thanks for your understanding and contribution.
imos04 0 Reputation points

2025-10-02T15:10:57.4666667+00:00

Hello Flora,

Thank you for your response. Unfortunately, I no longer have an active session with entra.microsoft.com, and Outlook is only signed in on a secondary device where the session is still open. However, MFA seems to always send the prompt only to my first device, which is now broken and no longer available.

I am also concerned that I might not receive further assistance because my subscription is a free Microsoft 365 E5 Developer plan, which I understand may not be covered by the same SLA support as paid tenants.

That said, I have been actively developing with Microsoft technologies for more than two years, and I have applications registered in Entra ID (Azure AD) that are important to my work. I also have a community of users who follow my tutorials, and many of them have chosen to subscribe to Office 365 because of my guidance.

I sincerely hope that this issue can be resolved, as I currently have no way to access Entra ID and I have not received any follow-up updates. I am genuinely worried about this situation and would greatly appreciate your help in ensuring this case receives proper attention.

Thank you for your understanding.
Flora-T 7,385 Reputation points Microsoft External Staff Moderator

2025-10-03T11:56:09.5533333+00:00
Hi imos04

Thank you for the additional details and for sharing more about your situation. I appreciate your contributions to the Microsoft developer community and how you're helping others with tutorials and app development.

Microsoft Support can potentially assist with MFA resets for developer tenants, as these are handled on a case-by-case basis. However, since the E5 Developer subscription is intended for non-production use and doesn't include formal SLAs or guaranteed support response times, resolutions might take longer or be prioritized differently.

Based on my research on similar cases, you may consider trying recommended steps to regain access:

In case you can still access the Microsoft 365 Admin Center, you might be able to assign a second Global Administrator. If successful without triggering MFA, the new admin can log in and help reset your MFA from Entra ID.

Follow up on your ticket including the details you shared here about your developer contributions and the business/developmental impact. If you have the ticket number, you could also try reaching out via phone support for Microsoft 365.

Try accessing your security info at mysignins.microsoft.com using the active Outlook session on your secondary device. This might allow you to view or update authentication methods without triggering the broken device's MFA prompt. Please note: This will only work if you're already logged in on an accessible device or browser session.

As a forum moderator, I’m here to help guide discussions and share insights based on Microsoft documentation and community experience. I hope one of these steps is helpful in your issue.

Answer 2

Hello, Flora

Thank you for your response.

My account is a Microsoft 365 E5 Developer subscription. I can still access Outlook and admin.microsoft.com using an existing session, but I cannot access Entra ID because MFA always requires the Outlook/Authenticator app from my old phone, which I no longer have.

I have already created a support ticket through admin.microsoft.com using this tenant.

Could you please confirm if this is sufficient, or do I really need to create a separate Business tenant just to submit another ticket?

As I am the only Global Admin on this tenant, I urgently need help resetting MFA or disabling Security Defaults so that I can regain access to Entra ID.

Thank you for your assistance.

Share via

Urgent: Global Admin locked out due to MFA – unable to access Entra ID

2 answers

Your answer