Introduction: Contacting Microsoft for Account Recovery
Despite best practices like setting up Microsoft Authenticator, enabling SMS fallback, configuring secondary devices, and using physical backup options – nothing is bulletproof and you could still find yourself locked out of your Microsoft 365 account. Emergency MFA recovery via Microsoft typically happens when:
- Your mobile device used for MFA is lost or damaged beyond repair.
- No backup or secondary authentication method is available.
- Recovery codes were never generated or stored securely.
- There is not another Global Administrator for your tenancy to revert to for help.
If this happens to a member of staff, Global Administrator can usually restore services. What do you do if YOU are Global Administrator, though? When this happens, contacting Microsoft is the last resort. Be prepared: the process is strict, time-consuming, and necessarily designed to protect your data. This article explains how to prepare for Microsoft intervention. You can avoid this difficult prospect by following our guidelines in this article:
Also, read about enabling secondary devices to reduce the risk of MFA recovery problems in this article:
Click open the headers below to learn about MFA Recovery if you cannot access your Microsoft 365 tenancy. Please read through this entire article before engage Microsoft for restoration of service. Be sure to contact us for general advice if you are in doubt. Support options are available for professional assistance.
What Microsoft Needs to Verify Your Identity
To recover your account if it is blocked, Microsoft must validate that you are the rightful owner of the tenancy. MFA Recovery involves:
- Filling out the Microsoft’s online questionnaire at:
- Providing a working email address:
- This is where Microsoft will send updates about your recovery request.
- Answering detailed questions about your account usage, including:
- Services used (365 licenses types and quantities)
- Previous passwords
- Billing information
- Devices and locations used to access the account
Verification is not easy – document and prepare a procedure
Microsoft’s online recovery form will detail more fully what you need to complete the document. Microsoft can take 24 hours or as long as several days or weeks to validate your identity. This is because of the catastrophic risk that both you face if Microsoft mistakenly provides MFA recovery credentials to a malicious party. So, Microsoft has no choice. ID verification is going to be laborious.
Therefore, even for legitimate tenancy owners, verification can be problematic. Larger organizations maintain thorough documentation to comply with GDPR, and occasionally they run stress tests to evaluate preparedness for this kind of eventuality. If you maintain thorough docuentation, verification will be easier to accomplish. If your GDPR compliance practices are well prepared, you may already have documented procedures.
Step-by-Step: MFA Recovery Workflow
Recovering access to your tenancy is not easily accomplished. This is because you are asking Microsoft for access to not just to your tenancy, but to Global Administrator privileges. Giving MFA Recovery credentials to the wrong entity could have catastrophic consequences for your business. Therefore, Microsoft have to be sure that you are the legitimate Microsoft 365 tenancy owner.
How to apply for MFA Recovery/restoration of access
- Try the Sign-In-Helper to try all alternative sign-in options.
- Prepare your information:
- Use a computer and location previously associated with your account:
- This helps Microsoft match geography and known hardware from past connections.
- Gather as much detail as possible about your account history.
- Use a computer and location previously associated with your account:
- Complete Microsoft’s online recovery form:
- Submit the form via the Account Recovery Portal
- Expect a preliminary response within 24 hours.
- If recovery fails:
- You may retry twice per day
How Long Does Successful MFA Recovery Take?
- Initial response: Within 24 hours.
- Full recovery can take several days depending on the accuracy of your information and the complexity of your account.
- Retry limit: Up to 2 attempts per day.
Summary - Prevention Is Better Than Cure
Microsoft’s MFA recovery process is intentionally rigorous. Microsoft enforces strict verification to protect sensitive data and prevent unauthorized access. Tenancy owners are strongly encouraged to:
- Set up multiple MFA methods. See this article for configuring secondary devices:
- Backup and store recovery codes securely. See this article:
If you have followed the guidance in Comstat’s setup and backup articles, this situation should be avoidable. Hopefully you are here to prepare a test-run for a GDPR Compliance stress test. If you are here because your credentials have failed, Microsoft’s MFA recovery form is your best hope.
About ComStat.uk: Internet Service Provider Comstat provides IT support, web hosting, and media services including website design, Microsoft 365 setup, and audio/video production, serving businesses across Denbighshire, North Wales and Wirral from Ruthin, and Lancashire and the Northwest from Bolton.
