Forum Discussion
Don't lose access to your account!
Hi, I'm a global admin for our tenant and keep getting this when I'm logging in: If I'm trying to enter anything other than my personal email address I will get this error message: ...
Thanks for the reply. I tried changing the settings there yesterday but there's a text box that says:
"These settings only apply to end users in your organization. Admins are always enabled for self-service password reset and are required to use two authentication methods to reset their password. Click here to learn more about administrator password policies."
And behind that link it says:
"By default, administrator accounts are enabled for self-service password reset, and a strong default two-gate password reset policy is enforced. This policy may be different from the one you have defined for your users, and this policy can't be changed. You should always test password reset functionality as a user without any Azure administrator roles assigned.
With a two-gate policy, administrators don't have the ability to use security questions.
The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number."
So the authenticator app should be an option too but I don't see it and instead it's asking me for my phone number and my personal email address.
"These settings only apply to end users in your organization. Admins are always enabled for self-service password reset and are required to use two authentication methods to reset their password. Click here to learn more about administrator password policies."
And behind that link it says:
"By default, administrator accounts are enabled for self-service password reset, and a strong default two-gate password reset policy is enforced. This policy may be different from the one you have defined for your users, and this policy can't be changed. You should always test password reset functionality as a user without any Azure administrator roles assigned.
With a two-gate policy, administrators don't have the ability to use security questions.
The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number."
So the authenticator app should be an option too but I don't see it and instead it's asking me for my phone number and my personal email address.
Tomas_S_ How does it look here for you? I assume you can use the Authenticator app in your tenant.
If you can't figure it out with the settings simply add your personal address and later head over to your profile page properties and remove it.
Walk through these too.
https://mysignins.microsoft.com/security-info
https://account.activedirectory.windowsazure.com/r/#/profile (the alt. address will show here)
https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx
https://portal.azure.com/#blade/Microsoft_AAD_IAM/PasswordResetMenuBlade/AuthenticationMethods
https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AdminAuthMethods
- Thank you for the help. I still had to enter my personal email, no matter what I tried. I'll have to investigate more later.