Re-authenticating Microsoft Authenticator after swapping your phone
This one of those posts that is more a note to self as I keep forgetting how to do this, but I hope it helps others.
Background
I use Microsoft’s Authenticator to provide MFA on a number of accounts. I recently swapped my Android phone and had to, after restoring a backup, re-authenticate some accounts on the new device.
This was a simple process for most accounts, just a case of validating the code generated by the new device, but I had a problem with the entries where my Black Marble Entra ID account was a guest in other company’s Entra ID directories.
I could not remember the process.
The Solution
When the Authenticator app shows the message
Action Required
Scan the QR code provided by your organization to finish recovering your account
and the account is in the form richard_domain.com#EXT#@anothercompany.onmicrosoft.com
The steps are as follows (assuming you still have access to the old MFA device):
- In a browser open https://mysignins.microsoft.com/security-info
- Sign in with your own company Entra ID account i.e. in this example
richard@domain.com
- Click the ‘organisation’ button (a icon of a directory tree, in the top right near the help button).
- A list of organisations you are a member of will appear as a panel on the right of the page
- Pick the required organisation from the menu on the right, in my
richard_domain.com#EXT#@anothercompany.onmicrosoft.com
example, this would be an organisation calledanothercompany
- You will need to authenticate with the old MFA device
- On the refreshed https://mysignins.microsoft.com/security-info page for the selected organisation you can now use the
add a new device process
to generate the QR code - On the new MFA device pick the account to be re-authenticate and scan the QR code. This is all that is required to add the new device as sign-in method (note you do not have to completed the new device wizard in the browser, but it is probably a good idea as a final check.).
If you don’t have access to the old MFA device, you will need to contact the organisation’s IT support to get them to reset the MFA for you.
For the original version of this post see Richard Fennell's personal blog at Re-authenticating Microsoft Authenticator after swapping your phone