So my iPhone 7 did the “No Service” thing that they do, and is currently on the way to Apple to be repaired or replaced. I have my old iPhone 6 with the same SIM card and phone number and iCloud account from the iPhone 7.

My issue has to do with the Microsoft Authenticator app and Office 365 multi-factor authentication. When I reinstalled the app and did the Recovery portion, it recovered most of my accounts for the app, but said I needed to perform additional verification to enable my Office 365 account. I seem to be in a Catch-22 here because I can’t verify my authenticator app because it needs a QR code that seems to only be available after I sign into my O365 account, which I can’t do without the authenticator app working. I have tried the “Other ways to get a code” and both options require the authenticator app to already be working.

I called O365 support and waited on hold for almost 30 minutes before I gave up and went to work on something else.

Most of the articles I can find reference getting the administrator to fix the issue for me, but I am the administrator for this O365 domain.

Anyone ever run into this? What are my options?

5 Spice ups

There should be an administrator-level account with just @yourdomain.onmicrosoft.com as the domain; this was what you used when first creating the tenant on O365. Hopefully you haven’t disabled or lost track of that account.

Did you keep backup codes stashed away when you set up Authenticator?

2 Spice ups

Yeah, you are probably going to need MS Support to help you out of this pickle.

Here are a couple of tips for the future:

  1. Print (make a hard copy) of your authenticator QR code when you are first presented with it. Keep that in a safe place. If your phone breaks or you have to replace it, just scan that QR code in the new app. No fuss no muss.

  2. Configure a backup device with every authenticator code. You can have as many devices as you want registered with the same key.

1 Spice up

I did not print or save any other backup codes. Every other 2FA that I have set up has allowed me to send text messages to my phone number or to a backup email account. This is the first one I’ve had problems with involving 2FA.

I will look into the .onmicrosoft.com account, but I can’t remember what it was right now.

This is scaring me a bit about adding 2FA to my other accounts. I have about 12 accounts from various services that all have 2FA set up. Now I need to go through them all and make sure they are not vulnerable to the same scenario.

If you’re the admin, log into Azure and disable MFA for that account using your global admin creds (hopefully your daily user account isn’t a GA).

If this is in your admin account, is there a second admin?

1 Spice up

Your QR code for Microsoft services is a one time use. That’s been in place for the last several months.

If you try to re-add using the QR code, it will error and state it has already been used.

@lburlingame

1 Spice up

Perhaps in the case of the MSA you can’t re-add using QR code, but you can certainly add more than one device.

We have 3 IT admins that utilize our O365 global admin and we all are able to use our individual phones for MFA on the same account.

I waited on hold for 2 hours with MS O365 support last night before giving up.

You can absolutely add more than one device, yes, but you cannot re-use the same QR code as of recent.

@lburlingame

1 Spice up

I was able to get in touch with Microsoft support and get bounced around between a few departments until they could verify me and reset the MFA on the account. I then added my iPhone 7 back and then I went to add my iPad and the option to add additional devices was missing and the tech support agent could not tell me where to go to add additional devices.

In the end, I had to assign a license for essentials to my admin account in order to get the option of adding additional devices for MFA.