tl;dr
Always set up more than one method for Multi Factor Authentication whenever possible. It will help you out, no matter the platform.
Based on my answer @ Stackoverflow:
multi factor authentication – How does a Guest User reset their MS Authenticator MFA settings in Azure Active Directory? – Stack Overflow
Table of Contents
The Pain
Last month I needed to reset my phone because it was stuck in a boot-loop. So, I could write a blogpost about what kind of phone it was and why it showed this behavior. But instead, I like to address another kind of hassle that followed: Resetting my MFA in Azure tenants i was a guest in.
The only way out of the boot-loop was a hard factory reset of my phone. And this meant losing the authenticator app and all its MFA accounts.
Manage MFA settings (if all is good)
When you go to https://myaccount.microsoft.com/ you can manage the MultiFactor settings of your account, also for organisations in which you are only guest. Click on ‘Security Info’, there you can add, delete and change the methods of signing into your account.
Note: This is for one organisation. Keep reading to find out how to change the settings for all your organisations.
So, this way you are able to (re)set your MFA options in your account. But, this will only apply to the one organisation in which you are currently logged in. To change the same settings for other organisations you’ll need to go back to (1) ‘Overview’, (2) click your profile picture (top right corner) and (3) select ‘Switch organisation’.
A window will open with all your organisations. Pick the one you would like to change the MFA settings for. Microsoft will ask you to log into that organisation, using MFA if configured. Then you can repeat the steps above; go to ‘Security info’ etc.
But wait! I need MFA to change my MFA settings?
To change your MFA settings in an organisation for which you previously set your MFA, you need to log in using your MFA.
This means, that if you lost your MFA method, you cannot change the MFA by yourself.
TIP:
When setting your MFA for your microsoft account ALWAYS set multiple methods!
What to do if you lost all MFA methods for a particular organisation
When you are completely locked out of the tenants you are guest in, because you lost access to all your configured MFA options, what needs to be done is this:
- Contact a global administrator of the organization you are guest in
- Let her/him/them go to you user account (Azure Active Directory>Users)
- Then she/he/they needs to select ‘Profile > Authentication Methods’
- And click ‘Require re-register MFA’
- After that you are asked to set-up MFA again for that organization when logging in.