Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Reply
Level 1 Contributor

MFA from Microsoft 2 Factor Authentication stopped working - No backup

Hello Microsoft!

 

We are CSP partners and recently I restored my main phone to the default settings.

 

I recovered the accounts registered before but lost access / notifications to our CSP admin account.

 

The result is: We have no way to access the CSP / Partner portal, always in the business login Microsoft asks for a code in the Authenticator app but no notification is received on my phone, on my phone after tried to restore the backup, the account in question is "Action Required" asking for QR-Code / URL...

 

Please help us to recover the account, I'm logging in on this forum with the personal account registered on the same e-mail of the CSP admin account.

 

Thanks,

 

Best Regards,

 

Michel.

1 ACCEPTED SOLUTION
Microsoft

Actually you should be forced to do MFA for any AzureAD sign-in in this tenant, not only Partner Center - at least if you configured this in a compliant manner for CSP Partners.

 

Anyway - If you do not have another admin account that can log in to the Azure Portal to reset your MFA registration info for the affected user, contact support using this method: https://aka.ms/AzurePortalHelp

 

Also you might want to check if when the MFA prompt appears there is an option in the dialogue that allows to choose another verification form such as phone/SMS - if you registered those before.

 

As best practice for the future you should always have an additional emergency account for administration that you can use for recovery. This emergency admin account also needs to have MFA enabled if this tenant is used for CSP, so it is important that you register multiple MFA options, such as multiple apps and at least one phone number. Configuring multiple MFA options should also be best practice for any admin. And MS authenticator also provides a way to backup the configuration so you can recover this after phone replacement. 

 

 

Kind regards,
Janosch

View solution in original post

2 REPLIES 2
Microsoft

Actually you should be forced to do MFA for any AzureAD sign-in in this tenant, not only Partner Center - at least if you configured this in a compliant manner for CSP Partners.

 

Anyway - If you do not have another admin account that can log in to the Azure Portal to reset your MFA registration info for the affected user, contact support using this method: https://aka.ms/AzurePortalHelp

 

Also you might want to check if when the MFA prompt appears there is an option in the dialogue that allows to choose another verification form such as phone/SMS - if you registered those before.

 

As best practice for the future you should always have an additional emergency account for administration that you can use for recovery. This emergency admin account also needs to have MFA enabled if this tenant is used for CSP, so it is important that you register multiple MFA options, such as multiple apps and at least one phone number. Configuring multiple MFA options should also be best practice for any admin. And MS authenticator also provides a way to backup the configuration so you can recover this after phone replacement. 

 

 

Kind regards,
Janosch

View solution in original post

Level 1 Contributor

 Hello Janosch, thanks for the fast reply.

 

I opened a ticket case on https://aka.ms/AzurePortalHelp - Phone authentication is not working (I receive a call with an error at the end)..

 

I hope Microsoft can help me after the ticket movement.

 

Best Regards,

 

Michel.