Managing Multiple M365 Administrator Accounts with Microsoft Authenticator Backup
Hello Tech Community,
I am looking for some advice on how to efficiently manage and back up multiple M365 Administrator accounts using the Microsoft Authenticator app. As an IT Support professional working with multiple clients, I have a dedicated Global Administrator account for each client, and all accounts are secured with Multi-Factor Authentication (MFA) using Microsoft Authenticator.
Setting up each Global Admin account with the Authenticator app is fairly straightforward, but I’ve run into an issue when trying to transfer these accounts to a new smartphone. While the Microsoft Authenticator app does transfer accounts to the new device, it seems that MFA will no longer work unless you scan a new QR code for each account. However, logging into these Global Admin accounts to obtain the new QR code is not feasible since MFA is required, creating a bit of a catch-22.
I’d prefer not to resort to other authentication methods (SMS, email, etc.) for these Global Admin accounts, as it adds unnecessary complexity and potential vulnerabilities. Has anyone found a reliable solution for seamlessly backing up and transferring these MFA-enabled Global Admin accounts to a new phone without needing to re-authenticate via QR code? Any insights or best practices would be greatly appreciated!
I like that Microsoft Authenticator MFA cannot be restored. Allowing this would weaken security. Yes this means I must redo the non-M365 Authenticator IDs when getting another iPhone. Protocol requires one to have a minimum of two admin IDs in a M365 account, thus another admin can setup a TAP (temporary access password) to have a user reset their Microsoft Authenticator ID.