This one of those posts that is more a note to self as I keep forgetting how to do this, but I hope it helps others.

Background

I use Microsoft’s Authenticator to provide MFA on a number of accounts. I recently swapped my Android phone and had to, after restoring a backup, re-authenticate some accounts on the new device.

This was a simple process for most accounts, just a case of validating the code generated by the new device, but I had a problem with the entries where my Black Marble Entra ID account was a guest in other company’s Entra ID directories.

I could not remember the process.

The Solution

When the Authenticator app shows the message

Action Required

Scan the QR code provided by your organization to finish recovering your account

and the account is in the form richard_domain.com#EXT#@anothercompany.onmicrosoft.com

The steps are as follows (assuming you still have access to the old MFA device):

1. In a browser open https://mysignins.microsoft.com/security-info
2. Sign in with your own company Entra ID account i.e. in this example richard@domain.com
3. Click the ‘organisation’ button (a directory tree), in the top right near the help button. A list of organisations you are a member of will appear as a panel on the right of the page
4. Pick the required organisation, in my example anothercompany
5. You will need to authenticate with the old MFA device
6. You can use the usual add a new device process to generate the QR code
7. On the new MFA device pick the account to be re-authenticate and scan the QR code, this is all that is required to add the new device as sign-in method (note you dd not have to completed the new device wizard in the browser).

If you don’t have access to the old MFA device, you will need to contact the organisation’s IT support to get them to reset the MFA for you.

For the original version of this post see Richard Fennell's personal blog at Re-authenticating Microsoft Authenticator after swapping your phone