iPhone users, do this now

If you use Microsoft Authenticator for 2FA/MFA codes when accessing work or secure accounts, make sure you do this BEFORE you lose or damage your phone, or transfer to a new one.

iPhone users are used to the fact that as long as you have an iCloud backup of your phone, recovering your data to a new or replacement phone is easy (as long as both are using the same iOS; see post here).

… however, in the last three years the need for 2FA/MFA security on all sensitive accounts has many of us using Microsoft Authenticator or Google Authenticator to secure accounts.

Like most iPhone users, I would have thought that ALL apps and settings would be backed up as long as iCloud backup was switched on. Wrong. After restoring the backup to a new phone, I found all the Microsoft Authenticator accounts missing.

Luckily I still had the old phone and could investigate. This is what I found in Microsoft Authenticator Settings:

Microsoft Authenticator - iCloud Backup Off

I turned it on in the old phone and when the accounts appeared in the new phone, switched the setting on that phone also.

Microsoft Authenticator - iCloud Backup On

Not all accounts are backed up?

On further investigation, we found that some accounts had not transferred over and that these accounts were very, very important as they provided master admin access to domains we administer on behalf of clients.

Microsoft Authenticator Action Required

“Action Required” basically means delete and re-add, which is impossible if the app is the only means of obtaining MFA.

Luckily we still had the old phone and could access those accounts. So we did so in Microsoft Entra/Identity and added a mobile phone number as an MFA alternative. If we had lost or could not use the old phone, we (and our clients) would have lost access to that email domain.
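
An added example, not from the original post: a check for the single point of failure described above, run over an export of the Microsoft Graph authentication methods registration report (`userRegistrationDetails`). The sample accounts, the `contoso.example` domain and the grouping of methods into "app-bound" are assumptions made for illustration.

```python
import json

# methodsRegistered values that live inside an authenticator app on one
# handset (this grouping is an assumption made for the example).
APP_BOUND = {
    "microsoftAuthenticatorPush",
    "microsoftAuthenticatorPasswordless",
    "softwareOneTimePasscode",
}

# Constructed sample in the shape of a userRegistrationDetails export.
SAMPLE_REPORT = json.dumps({"value": [
    {"userPrincipalName": "admin@contoso.example", "isAdmin": True,
     "methodsRegistered": ["microsoftAuthenticatorPush", "softwareOneTimePasscode"]},
    {"userPrincipalName": "breakglass@contoso.example", "isAdmin": True,
     "methodsRegistered": ["fido2SecurityKey", "microsoftAuthenticatorPush"]},
    {"userPrincipalName": "helpdesk@contoso.example", "isAdmin": True,
     "methodsRegistered": ["mobilePhone", "microsoftAuthenticatorPush"]},
    {"userPrincipalName": "user@contoso.example", "isAdmin": False,
     "methodsRegistered": ["microsoftAuthenticatorPush"]},
    {"userPrincipalName": "newadmin@contoso.example", "isAdmin": True,
     "methodsRegistered": []},
]})


def single_phone_accounts(report_json, admins_only=True):
    """Return (UPN, methods) for accounts whose every MFA method is app-bound."""
    findings = []
    for user in json.loads(report_json).get("value", []):
        if admins_only and not user.get("isAdmin", False):
            continue
        methods = set(user.get("methodsRegistered") or [])
        # No methods at all is a different finding (MFA not set up); skip it.
        if methods and methods <= APP_BOUND:
            findings.append((user["userPrincipalName"], sorted(methods)))
    return findings


if __name__ == "__main__":
    for upn, methods in single_phone_accounts(SAMPLE_REPORT):
        print(f"{upn}: only {', '.join(methods)}; add a second method")
```

Any account this reports depends entirely on one phone, which is the situation the admin accounts above were in before a mobile number was added.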

A lesson learned
