iPhone users, do this now

If you use Microsoft Authenticator for 2FA/MFA codes when accessing work or secure accounts, make sure you do this BEFORE you lose, damage or transfer to a new phone

iPhone users are used to the fact that as long as you have an iCloud backup of your phone, recovering your data to a new or replacement phone is easy (as long as they are both using the same iOS see post here)

… however, in the last three years the need for 2FA/MFA security on all sensitive accounts has many of us using Microsoft Authenticator or Google Authenticator to secure accounts.

Like most iPhone users I would have thought that ALL apps and settings would be backed up as long as iCloud backup was switched on? Wrong. After restoring the backup to a new phone I found all the Microsoft authenticator accounts missing.

Luckily I still had the old phone and could investigate. This is what I found in Microsoft Authenticator Settings

Microsoft Authenticator - iCloud Backup Off

I turned it on in the old phone and when the accounts appeared in the new phone, switched the setting on that phone also.

Microsoft Authenticator - iCloud Backup On

Not all accounts are backed up?

On further investigation, we found that some accounts had not transferred over and that these accounts were very, very important as they provided master admin access to domains we administer on behalf of clients.

Microsoft Authenticator Action Required

“Action Required” basically means, delete and re-add. Which is impossible if the app is the only means of obtaining MFA.

Luckily we still had the old phone and could access those accounts. So we did so in Microsoft Entra/Identity and added a mobile phone number as a MFA alternative. If we had lost or could not use the old phone, we (and our clients) would have lost access to that email domain.

A lesson learned