Re-authenticating Microsoft Authenticator after swapping your phone

author Richard Fennell calendar Jan 20, 2025 · 2 min read  ·
Share on: linkedin copy

This one of those posts that is more a note to self as I keep forgetting how to do this, but I hope it helps others.

Background

I use Microsoft’s Authenticator to provide MFA on a number of accounts. I recently swapped my Android phone and had to, after restoring a backup, re-authenticate some accounts on the new device.

This was a simple process for most accounts, just a case of validating the code generated by the new device, but I had a problem with the entries where my Black Marble Entra ID account was a guest in other company’s Entra ID directories.

I could not remember the process.

The Solution

When the Authenticator app shows the message

Action Required

Scan the QR code provided by your organization to finish recovering your account

and the account is in the form richard_domain.com#EXT#@anothercompany.onmicrosoft.com

The steps are as follows (assuming you still have access to the old MFA device):

  1. In a browser open https://mysignins.microsoft.com/security-info
  2. Sign in with your own company Entra ID account i.e. in this example richard@domain.com
  3. Click the ‘organisation’ button (a icon of a directory tree, in the top right near the help button). Organisation Button
  4. A list of organisations you are a member of will appear as a panel on the right of the page Organisation List
  5. Pick the required organisation from the menu on the right, in my richard_domain.com#EXT#@anothercompany.onmicrosoft.com example, this would be an organisation called anothercompany
  6. You will need to authenticate with the old MFA device
  7. On the refreshed https://mysignins.microsoft.com/security-info page for the selected organisation you can now use the add a new device process to generate the QR code
  8. On the new MFA device pick the account to be re-authenticate and scan the QR code. This is all that is required to add the new device as sign-in method (note you do not have to completed the new device wizard in the browser, but it is probably a good idea as a final check.).

If you don’t have access to the old MFA device, you will need to contact the organisation’s IT support to get them to reset the MFA for you.

For the original version of this post see Richard Fennell's personal blog at Re-authenticating Microsoft Authenticator after swapping your phone