Tag Archives: Authenticator app

No MFA in Microsoft 365 due to lost phone (locked out)

I have lost my phone and thus lost my Microsoft Authenticator app. Too bad, two admin accounts in two different tenants only have the Authenticator app configured. So, when logging on to a tenant, the password is accepted, and the second factor is requested. It’s too bad this won’t work since the new phone is not configured for this tenant. I didn’t notice this earlier because in older tenants, you have the SMS option as a backup by default, and for newer tenants, this is no longer the case. My bad, I’m afraid.

If the option “I can’t use my Microsoft Authenticator app right now” is selected, only a verification code is possible, which is only available in the Authenticator app. No phone number, no phone call-back, and no SMS are possible, so it’s an endless loop.

The only option right now is to log a call with Microsoft Support from a different tenant. To my surprise, the initial support agent called me within 15 minutes. After verifying that it was me, he added some notes and escalated to the compliance team.

Within two days, an engineer from the compliance team contacted me. After checking again, he found that it was me. He created a new incident in the original (not accessible) tenant and closed the current incident. He then reset the MFA configuration, and within a couple of hours, I was able to log on again with my existing password and configure MFA on my new authenticator app.

Valuable lesson learned: make sure that you have a backup MFA solution, otherwise there’s the risk of locking yourself out.
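The lockout above happened because every second factor lived in one app on one phone. The sketch below is an added example (not from the original post) that flags such accounts in records shaped like the Microsoft Graph userRegistrationDetails report; the sample records and the method-to-dependency mapping are assumptions to adjust for your tenant.

```python
# Added example. Records mimic the Microsoft Graph userRegistrationDetails
# report (userPrincipalName, isAdmin, methodsRegistered); the data is constructed.

# Assumption: what each registered method depends on. Push approval and the
# app's verification code both live in the Authenticator app, so a lost phone
# removes both. Adjust the names to match your tenant's export.
METHOD_DEPENDENCY = {
    "microsoftAuthenticatorPush": "authenticator-phone",
    "microsoftAuthenticatorPasswordless": "authenticator-phone",
    "softwareOneTimePasscode": "authenticator-phone",
    "mobilePhone": "phone-number",
    "alternateMobilePhone": "alternate-phone-number",
    "officePhone": "office-phone-number",
    "fido2SecurityKey": "security-key",
    "hardwareOneTimePasscode": "hardware-token",
}
# "email" and "securityQuestion" are left out on purpose: they serve password
# reset, not the second factor at sign-in.

def independent_factors(methods):
    """Return the distinct dependencies behind the MFA-usable methods."""
    return {METHOD_DEPENDENCY[m] for m in methods if m in METHOD_DEPENDENCY}

def lockout_risks(records, admins_only=True):
    """Return (upn, reason) for accounts one lost device away from lockout."""
    findings = []
    for rec in records:
        if admins_only and not rec.get("isAdmin"):
            continue
        factors = independent_factors(rec.get("methodsRegistered", []))
        upn = rec["userPrincipalName"]
        if not factors:
            findings.append((upn, "no MFA method registered"))
        elif len(factors) == 1:
            findings.append((upn, "all MFA methods depend on " + next(iter(factors))))
    return findings

SAMPLE = [  # constructed records
    {"userPrincipalName": "admin1@contoso.example", "isAdmin": True,
     "methodsRegistered": ["microsoftAuthenticatorPush", "softwareOneTimePasscode"]},
    {"userPrincipalName": "admin2@contoso.example", "isAdmin": True,
     "methodsRegistered": ["microsoftAuthenticatorPush", "mobilePhone"]},
    {"userPrincipalName": "admin3@contoso.example", "isAdmin": True,
     "methodsRegistered": ["email"]},
    {"userPrincipalName": "user1@contoso.example", "isAdmin": False,
     "methodsRegistered": ["mobilePhone"]},
]

if __name__ == "__main__":
    for upn, reason in lockout_risks(SAMPLE):
        print(f"{upn}: {reason}")
```

Counting methods alone would pass admin1 with two entries; grouping them by what they depend on shows both disappear with the same phone.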

How to change MFA method for your Office 365 account

This might look like an easy blog post (actually, it is), but I struggle with this every time, so I decided to write it down.

My default MFA authentication method was a text message (SMS) on my phone. This works fine, but it is not always easy to work with, especially not when using the native mail app on a mobile device. So, to change it, log on to OWA or the Microsoft Portal, click the initials in the upper right corner and click View account:

You can also navigate to https://myaccount.microsoft.com to get here directly. In the overview page click on Security Info to see the MFA methods available. To add a new method, click +Add Method.

In the pop-up window, select another method, for example the Authenticator app, and click Add. The first step is of course to download the Authenticator app on your device; if it’s already installed, click Next.

In the Setup your account pop-up box, click Next and a QR code will appear on your screen:

In the Authenticator app, click the + icon in the upper right corner, select your account type and select Scan QR code. Approve the sign-in on your device; the security info will show Notification approved and you’re good to go.

The last step you have to do is to change the default sign-in method on the security info page by clicking Change next to Default sign-in method.

Authenticator app for Office 365

I have had MFA for Office 365 user accounts up and running for quite some time now and am very satisfied with it. But as you may have seen in the blog post, I have been running SMS only, and with a 30-day renewal that works fine. But I was also interested in the Authenticator app, especially when running multiple clients on mobile devices.

Changing the authentication can be done on a per-user basis. Log on to the Microsoft portal (portal.office.com) using your regular work account. Select My Account (under your thumbnail profile picture), select Security and Privacy, and click Additional security verification as shown in the following screenshot:

Select Update your phone numbers used for account security, check the Authenticator app or token checkbox and click the Setup authenticator app button.

Scan the QR code on your mobile device in the Authenticator app, confirm the registration, click Save and you’re all set. The next time you log on to Office 365 you’ll see the following Approve Sign in Request window:

But instead of entering a verification code received via SMS you must approve the sign in on the Authenticator app.