Fixing Microsoft Authenticator Issues When Transferring to a New iPhone

December 21, 2023
10 min read

Let’s say you treat yourself to a new iPhone. In this common scenario, Apple promises a smooth data transfer. Just place the devices next to each other...

Apple is learning. Almost everything works. In the past, I had problems with WhatsApp where I had to make a separate backup from the app and then import this data onto the new iPhone. Now, you can forget about clunky steps like that. Even the Signal app, whose big feature is security, has adapted perfectly to the general move from the old iPhone to the new: Place the phones next to each other and all encrypted Signal data is transferred from the old one to the new one.

However, my MVP colleague Raphael Köllner whispered to me that the iPhone data transfer process has problems with the Microsoft Authenticator. Sure enough, during a recent iPhone upgrade, I found that it does move the accounts from the old iPhone to the new one, but I also saw a lot of warnings in Microsoft Authenticator after the move. How do you solve new iPhone authenticator issues? I'll cover that in this article.

IT consultants typically have many clients, so this is the kind of problem that can multiply your workload if you don’t know how to quickly solve it. And since we are just past Black Friday and Christmas is around the corner, some of you will certainly be coming across this problem. Read on to find the solution.

Note: Some of the images in this article are shown in German. For those of you who don’t read German, reading the captions should keep you up to speed.

MFA Is Great...Until You Switch Devices

Here is a simplified model of what happens during multifactor authentication (MFA):

a highly simplified illustration of how Multifactor Authentication works.
Figure 1: A simplified diagram of the multifactor authentication process. “Login Seite aufrufen” means “open login page.” View Full Size

I log into my tenant in the browser (1). Both the username and the password are transmitted (2). The prerequisites stored by the administrators are read out (3) and displayed. Various options are possible, e.g., the code must be read out on another device (5) and entered in an input field on the device (1). Or a number is displayed on device (1) and the authenticator on device (4) must enter this number. This information then flows back to the browser, which grants access (5 to 8). There is lots of technical literature about MFA on the Internet, but nothing about what to do when you find yourself suddenly needing to move that authentication handshake from one device to another.

Fortunately, in the case I describe here, we’re not dealing with a stolen or broken phone, so we can deactivate our old phone from the Microsoft account and add the new phone in its place.

Authenticator: a general warning (1) in the Microsoft Authenticator, the detailed warning (2) requires a QR-code.
Figure 2: This is what the general warning (1) or detailed warning (2) in Microsoft Authenticator looks like. “Aktion erforderlich” means “action required.” | Used with permission from Microsoft.

The Solution

To complete the steps below, you will need:

  • The old iPhone, which I’ll call iPhone OLD.
  • The new iPhone, which I’ll call iPhone NEW.
  • A Windows device with a browser that can use private mode (Edge, Chrome).
  • An internet connection.
  • Time: Take enough time, and the whole thing is no problem.

-1- Log into the browser

On the Windows device, open the browser and switch to private mode. The Edge and Chrome browsers retain credentials even across multiple open tabs, even in private mode, but they are not logged in anywhere at first. Navigate to Select Log in and then enter the login email that appears in the Microsoft Authenticator warnings, as shown in the figure above under (1).

Standard Microsoft login in the browser with the credentials of the account.
Figure 3: Standard Microsoft login on a Windows device browser, with Back (Zurück) and Next (Weiter) buttons. | Used with permission from Microsoft.

After selecting Next, enter the password, as you would expect. However, as this account is subject to the MFA rules of the target tenant, another message appears in the browser, asking you to confirm your login by verifying a two-digit number.

The message on the Windows device for verification with the Microsoft Authenticator.
Figure 4: The message in the Windows browser prompting the user to confirm the login request with the Authenticator app. | Used with permission from Microsoft.

Leave the box checked beside Do not ask again for the next 90 days if it is displayed.

-2- MFA: Verify by entering a number.

On your iPhone OLD, it should have already registered the verification request and sent a notification. If not, start the Microsoft Authenticator app.

The Microsoft Authenticator on the iPhone waiting for the number we see in the browser of the Windows device to be entered.
Figure 5: The authenticator on the old iPhone, asking the user to verify the login and enter the corresponding number. | Used with permission from Microsoft. 

Now enter the number that appeared in the browser on your Windows device and select Yes.

-3- Call up the Security Info page

Back on the Windows device, open a new tab and enter the dynamic link or It will take a moment before the various authentication options appear under My Sign-Ins in the Security Info tab (1).

The security info of the selected tenant and the previous authenticator data.
Figure 6: The Microsoft security info is still associated with the old iPhone (in my case, my old iPhone was “iPhone von Mr.OneDrive”). | Used with permission from Microsoft. View Full Size

The Microsoft Authenticator (2) row is important, where the iPhone OLD appears, in my example with the name "iPhone von Mr.OneDrive" (3). Of course, the name is not the important thing, but rather the token that is stored with it. The page of this tenant does not recognize my iPhone NEW. Time to change that.

-4- Add new sign-in method.

Select the + sign for Add sign-in Method (4) and then select the same method that was stored on the iPhone OLD (2), i.e. Authenticator app.

The various methods for adding the sign-in are displayed.
Figure 7: When adding a new sign-in method, select Authenticator app. | Used with permission from Microsoft. 

Note that if you use a lot of sign-in methods, adding another one may result in an error message.

The Microsoft Authenticator message that only 5 sign-in methods can be stored.
Figure 8: The warning notifies us that no more than five sign-in methods can be stored. | Used with permission from Microsoft. 

Microsoft accounts cannot store more than five sign-in methods. This happened to me in a Citrix test environment. 

The Microsoft security info page showing that five methods were already stored in my test tenant.
Figure 9: Five sign-in methods were already stored in my test tenant. I had to delete an existing method before I could add a new one. | Used with permission from Microsoft. View Full Size

In that case, I had to delete my iPhone OLD first. However, in the real world, you shouldn’t run into this problem very often.

After selecting to add the Microsoft Authenticator sign-in type, it's time to go to the new iPhone NEW and navigate to the same message that is displayed in the warnings.

-5- Windows device: Assign QR code.

Still working in your Windows browser, you can skip the optional download; with Apple’s automatic migration, you already have Microsoft Authenticator on your new iPhone.

The prompt to download the Microsoft Authenticator app, which can be ignored because the Microsoft Authenticator was already migrated to the new iPhone when it was moved.
Figure 10: Microsoft will prompt you to get the Microsoft Authenticator app on your device, but in this case, it was already installed during the data transfer. | Used with permission from Microsoft. 

The initial message Set up your account appears. Select Next.

The Microsoft Authenticator Set up your account message. Regardless of whether we are adding or editing a new or existing account, it is the first step that is shown here.
Figure 11: First Step: A setup wizard guides the user in creating a new account. | Used with permission from Microsoft. 

The QR Code appears after selecting Next.

The QR code for scanning with the iPhone NEW.
Figure 12: A QR code appears in the Windows browser for scanning with the iPhone NEW. | Used with permission from Microsoft. 

On your iPhone NEW, select the Microsoft Authenticator message where your intervention is required, which will bring up your QR code scanner.

The scan mode of the Microsoft Authenticator.
Figure 13: On the iPhone NEW, the Microsoft Authenticator switches to scan mode. | Used with permission from Microsoft. 

Now scan the QR-Code from the browser of the Windows device.

-6- If You Receive an Error message.

The process of scanning the QR code can fail in one of two ways. First, if push notifications aren’t activated, you won’t receive a notification, so you can’t get to the scanning screen. However, if push notifications were activated on the iPhone OLD, that setting will be transferred to the new one. Either way, make sure push notifications are activated on the new iPhone. Second, if you take too long scanning the QR code, the process will time out. In that case, close Microsoft Authenticator and restart it.

If something goes wrong, an error message appears on the iPhone.
Figure 14: An error has occurred, so the process must be repeated. The app notifies the user that push notifications must be enabled on the phone and the activation code must not have expired. | Used with permission from Microsoft.

-7- Testing the Authenticator.

The option to test this connection now appears in your Windows device browser.

The first message when testing out the new sign-in method, with a number in the browser of the Windows device.
Figure 15: The first of two messages in the Windows browser when testing the newly registered authentication device. | Used with permission from Microsoft.

The browser on the Windows device shows the first of two messages. Note the number and then enter it on your iPhone NEW, after which you should see the success message.

The successful authenication test in the browser of the Windows device.
Figure 16: The second message of the test. | Used with permission from Microsoft. 

The new device is then displayed in the browser of the Windows device. Note that you will have to refresh the browser to see this.

In the authenticator on the new iPhone, it now looks like this:

The authenticator app on the new iPhone, which no longer shows an error.
Figure 17: No more warnings to be seen. | Used with permission from Microsoft.

There is no longer a warning, and this account has been successfully switched to the new iPhone.

-8- Clean up.

You can now delete the old iPhone on the Security Info page. This will remove any authentication connection between the Microsoft account and the old iPhone.

If there are further error messages of this type on the new iPhone, close the private browser session on the Windows device and start again at step -1- Log into the browser in Private Mode.


I have done this with several accounts that all displayed the red warning message on the iPhone. In retrospect, I also realized why the change-over doesn’t happen automatically: The sign-in method in the tenant and the new iPhone have to see and recognize each other. 

Working through the above points is relatively easy:

  • -1- Login in the browser.
  • -2- MFA: Verify by entering a number.
  • -3- Call up the Security Info page.
  • -4- Add new sign-in method.
  • -5- Windows device: Assign QR code.
  • -6- If You Receive an Error message.
  • -7- Testing the Authenticator.
  • -8- Clean up.

Links to MFA

Hans Brender

Hans Brender

Hans Brender is a Collaboration Specialist and has been a Most Valuable Professional (MVP) in Germany for 11 years. Most people around the world know him as Mr. OneDrive. For the last 11 years he has been talking about OneDrive and collaboration around the world at conferences like Microsoft Ignite, Microsoft Build and local community events. These days he is networking, mentoring, leads a monthly live show about M365 news and gives workshops to the community, mid-size- and Enterprise companies.

In addition to the social profiles below, you can find Hans at: