Share via

How to Recover Admin Microsoft Account with Lost MFA Access? I am the only admin of my organization.

Techinee Akkaragumtorn 40 Reputation points
2025-02-13T06:48:58.32+00:00

I have got the same problem with this thread  

https://learn.microsoft.com/en-us/answers/questions/2156027/how-to-recover-admin-microsoft-account-with-lost-m

Please help me remove MFA 

I try to login and it keeps asking verify my identity with only 2 options which I can not answer

1.     Approve by Authenticator app

2.     With code from Authenticator app

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
8,155 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,426 questions
0 comments
Accepted answer
  1. Raja Pothuraju 14,990 Reputation points Microsoft Vendor
    2025-02-14T11:07:46.64+00:00

    Hello @Techinee Akkaragumtor,

    Thank you for posting your query on Microsoft Q&A.

    As we discussed over email. The issue relates to a tenant lockout situation where no other global admin in the tenant has the necessary admin rights to re-register MFA.

    To resolve this, we engaged our Data Protection team through a support ticket. Please connect with our support team via the ticket, and they will assist you in resolving the issue.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gideon Omole 0 Reputation points Microsoft Vendor
    2025-02-13T14:45:43.1366667+00:00

    Hello @Techinee Suksamran

    To resolve this, you would have to raise a support ticket to the data protection team through the Azure portal.

    Alternatively, If your subscription was acquired through, a Microsoft partner, you can reach out to them to help you sign into your tenant and create another Global Admin account.

    As best practice, Microsoft recommends that organizations have two cloud-only emergency access accounts permanently assigned the Global Administrator role. These accounts are highly privileged and aren't assigned to specific individuals. The accounts are limited to emergency or "break glass" scenarios where normal accounts can't be used or all other administrators are accidentally locked out.

    https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/best-practices#5-limit-the-number-of-global-administrators-to-less-than-5

    I hope this helps

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.