MFA Device Lost (Account Recovery Steps)

Use this runbook when a user loses or replaces a device used for MFA. Recovery must follow identity verification and security procedures; support staff should not bypass MFA policy or grant unmanaged access outside approved workflows.

Severity: High

Access Level: Admin Required

Estimated Fix Time: 15-45 min

Total Steps: 5

Author & Verification

Tamem J

IT Solutions Engineer

Last verified: March 3, 2026

Runbooks and troubleshooting guides are reviewed for enterprise-safe usage and avoid security bypass patterns.

Tested on Windows 11 23H2 and macOS Sequoia 15

  • Enterprise Microsoft 365 Administration
  • Endpoint Management (Intune, Jamf, Kandji)
  • Identity & Access (Entra ID, Okta)
Tags: #mfa #account-recovery #security #identity #entra-id #authenticator

Step-by-Step Resolution

  1. Verify identity using approved helpdesk process

    Warning: review carefully before proceeding.

    Before making any MFA changes, complete the organization's identity verification process (manager confirmation, HR data checks, ticket validation, or other approved controls). MFA reset without identity verification is a security incident risk.

  2. Determine what recovery methods are still available

    Info: recommended validation or troubleshooting step.

    Check whether the user still has access to a secondary authenticator method (hardware token, backup phone, temporary access pass, SMS if still allowed by policy). Prefer approved stronger methods first.

  3. Perform an admin-assisted MFA method reset

    Info: recommended validation or troubleshooting step.

    Have the identity admin reset or remove the lost device's MFA registration in the identity platform, then require re-registration on the new managed device at next sign-in.

  4. Revoke or review active sessions after reset

    Warning: review carefully before proceeding.

    If the lost device may still be accessible by another person, coordinate with IT security to revoke sessions and review sign-in activity. Escalate immediately if the user reports theft, suspicious sign-ins, or any account compromise indicators.

  5. Document the recovery action

    Info: recommended validation or troubleshooting step.

    Record the recovery method used, identity verification evidence, and who approved the reset. This is important for auditability and repeat incident analysis.
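The five steps above carried out as one admin script. This is an added example, not code from the original runbook or its author, written against the Microsoft Graph PowerShell SDK for Entra ID (the platform the runbook tags). It assumes the Microsoft.Graph module is installed, that the operator holds a role permitted to manage authentication methods, revoke sessions and read sign-in logs, and that the parameter values (ticket ID, approver, lost device name) are placeholders supplied from your own helpdesk system.

```powershell
<#
  Added example, not part of the original runbook: admin-assisted MFA reset
  in Entra ID via the Microsoft Graph PowerShell SDK, following steps 1-5.
  Assumed: Microsoft.Graph module installed; operator role allows managing
  authentication methods, revoking sessions and reading sign-in logs.
  $TicketId, $ApproverUpn and $LostDeviceName are placeholder inputs from
  your own helpdesk ticket, not values from the runbook.
#>
param(
    [Parameter(Mandatory)] [string] $UserUpn,          # affected user
    [Parameter(Mandatory)] [string] $TicketId,         # ticket recording the step-1 identity verification
    [Parameter(Mandatory)] [string] $ApproverUpn,      # who approved the reset (step-5 evidence)
    [Parameter(Mandatory)] [string] $LostDeviceName,   # Authenticator DisplayName of the lost device
    [switch] $DeviceMayBeInOthersHands,                # step 4: revoke sessions and review sign-ins
    [switch] $IssueTemporaryAccessPass                 # step 3: bootstrap re-registration on the new device
)

# Step 1 gate: no MFA change without recorded verification evidence and an approver.
if ([string]::IsNullOrWhiteSpace($TicketId) -or [string]::IsNullOrWhiteSpace($ApproverUpn)) {
    throw 'Identity verification ticket and approver are required before any MFA change.'
}

$scopes = @('UserAuthenticationMethod.ReadWrite.All', 'User.RevokeSessions.All', 'AuditLog.Read.All')
Connect-MgGraph -Scopes $scopes -NoWelcome

# Step 2: list every method still registered so a surviving stronger method is preferred first.
Write-Output "Registered authentication methods for $UserUpn:"
Get-MgUserAuthenticationMethod -UserId $UserUpn |
    ForEach-Object { '  {0}  {1}' -f $_.Id, $_.AdditionalProperties['@odata.type'] }

# Step 3: remove only the lost device's Authenticator registration, matched by display name,
# so the user's other registered methods stay intact.
$lost = Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $UserUpn |
    Where-Object { $_.DisplayName -eq $LostDeviceName }
if (-not $lost) {
    throw "No Authenticator registration named '$LostDeviceName'; confirm the device name with the user."
}
foreach ($m in $lost) {
    Write-Output "Removing Authenticator registration '$($m.DisplayName)' ($($m.Id))"
    Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $UserUpn `
        -MicrosoftAuthenticatorAuthenticationMethodId $m.Id
}
$removedIds = @($lost.Id)

$tap = $null
if ($IssueTemporaryAccessPass) {
    # Single-use, short-lived pass so the user can register the new managed device at next sign-in.
    # Only works where the tenant's Temporary Access Pass policy is enabled for this user.
    $tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserUpn -BodyParameter @{
        lifetimeInMinutes = 30
        isUsableOnce      = $true
    }
    Write-Output "TAP: $($tap.TemporaryAccessPass) (single use, $($tap.LifetimeInMinutes) min). Deliver it through the verified channel, never to the account being recovered."
}

if ($DeviceMayBeInOthersHands) {
    # Step 4: invalidate refresh tokens so sessions on the lost device stop working, then review recent sign-ins.
    Revoke-MgUserSignInSession -UserId $UserUpn | Out-Null
    Write-Output "Sessions revoked. Recent sign-ins for $UserUpn:"
    Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$UserUpn'" -Top 25 |
        Select-Object CreatedDateTime, AppDisplayName, IPAddress, ClientAppUsed,
            @{ n = 'Result'; e = { if ($_.Status.ErrorCode -eq 0) { 'success' } else { "error $($_.Status.ErrorCode)" } } } |
        Format-Table -AutoSize
}

# Step 5: write the audit record. The TAP value is deliberately not stored.
$record = [ordered]@{
    timestampUtc    = (Get-Date).ToUniversalTime().ToString('o')
    user            = $UserUpn
    ticketId        = $TicketId
    approvedBy      = $ApproverUpn
    operator        = (Get-MgContext).Account
    removedMethods  = $removedIds
    tapIssued       = [bool]$tap
    sessionsRevoked = [bool]$DeviceMayBeInOthersHands
}
$record | ConvertTo-Json -Depth 3 | Set-Content -Path "mfa-recovery-$TicketId.json"
Write-Output "Recovery recorded in mfa-recovery-$TicketId.json"
```

Save it under any name you like (for instance Reset-LostMfaDevice.ps1, an assumed file name) and run it as `.\Reset-LostMfaDevice.ps1 -UserUpn <user> -TicketId <ticket> -ApproverUpn <approver> -LostDeviceName <device> -DeviceMayBeInOthersHands`. Matching a single Authenticator registration by display name, rather than clearing every method, is what keeps step 2 meaningful: the user's surviving stronger methods remain usable. The session revocation and sign-in review are gated behind a switch because the runbook calls for them only when the device may be in someone else's hands, and the audit record omits the pass value so the JSON file can be attached to the ticket without leaking a credential.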
