Why isn’t my Microsoft Authenticator app working anymore?

General
1

My Microsoft Authenticator app suddenly stopped working and I can’t approve sign-ins or see my usual accounts. I haven’t changed my phone or settings recently, so I’m not sure what broke it. I’m currently locked out of a few important Microsoft services for work and personal use. What could be causing this, and how can I safely restore access without losing my accounts?

2

This happens a lot with Microsoft Authenticator, even when you swear nothing changed.

Here are the main things to check and what to do next:

  1. Check the time on your phone

    • Go to Date & Time.
    • Turn on “Set automatically”.
    • Wrong time breaks OTP codes and push approvals.

  2. Check notifications

    • Make sure Microsoft Authenticator has:
      • Notifications allowed.
      • “Allow pop-up” or similar enabled.
    • On Android, check Battery optimization and remove Authenticator from “optimized” apps.
    • On iPhone, check Focus / Do Not Disturb and notification style.

  3. Check network

    • Test on Wi‑Fi and on mobile data.
    • If you use a VPN, disable it and try again.
    • Some corporate networks block the push traffic.

  4. Check for app corruption
    Do NOT uninstall yet if you have no backup, or you lose your accounts.

    • Force close the app.
    • Reboot the phone.
    • Then open Authenticator and see if your accounts show again.
    • If it shows blank or errors, it is likely corrupted or your account is removed from it.

  5. See if your account still trusts that device
    On a computer where you are still logged in somewhere, or a different device:

    • Go to https://mysignins.microsoft.com
    • Sign in if possible.
    • Check “Security info”.
    • See if “Microsoft Authenticator” is still listed.
    • If not listed, your phone was removed as an MFA method, so approvals will never arrive.

  6. If you are fully locked out and have no backup

    • Find any backup method you set before:
      • SMS to a phone number.
      • Alternate email.
      • Backup codes printed or saved.
      • FIDO key like a YubiKey.
    • Use one of those to sign in and then re-add Microsoft Authenticator.

  7. If this is a work or school account

    • Your org admin might have:
      • Disabled push notifications.
      • Forced number matching or passwordless and broke old setups.
      • Reset your MFA or blocked the device.
    • Contact IT support or helpdesk, tell them “Microsoft Authenticator app no longer approves sign-ins and I am locked out, I need MFA reset”.
    • They can clear your MFA methods and let you set it up again.

  8. If nothing works and you have no backup
    For personal Microsoft account:

    • Go to Recover your account
    • Fill the recovery form with as much detail as possible.
    • This process takes time, and sometimes fails.
    • You might lose access if you never set recovery methods.

Next time, after you regain access:

  • Enable cloud backup inside Microsoft Authenticator.
  • Add at least two MFA methods, like Authenticator plus SMS or a FIDO key.
  • Store recovery codes offline.

The sudden stop often tracks back to one of these: wrong time, notifications blocked, IT policy change, or Authenticator entry removed from your security info.

3

Couple more angles to check that @cacadordeestrelas didn’t really dive into:

  1. Quiet “security” changes on Microsoft’s side
    Microsoft sometimes flips MFA policies silently, especially for work/school accounts. Example: your org turns on “passwordless” or “number matching” and disables classic push or codes without warning. Result: app looks fine, but approvals stop or your account vanishes.

    • If this is work/school, someone else’s policy might have broken you overnight.
    • Only your IT / admin can see this. Ask them specifically if any “Authentication methods” or “Conditional Access” policies changed.

  2. Device integrity / jailbreak / root detection
    Authenticator can refuse to work properly on:

    • Rooted Android
    • Jailbroken iPhone
    • Phones with bootloader unlocked or custom ROMs
      Sometimes a security update suddenly starts enforcing these checks. You think “I didn’t change anything,” but a system update did. Symptoms: app opens, sometimes accounts disappear or it refuses to add / restore them.
    • Check if you recently got a system update or security patch.
    • If you are on a custom ROM or rooted device, that’s likely the culprit.

  3. Storage / permissions weirdness
    If the app lost access to secure storage, your accounts can quietly vanish. Common causes:

    • Phone storage almost full.
    • You changed screen lock type (PIN to pattern / no lock) and the OS invalidated secure keys.
    • You disabled some “special” permissions like “Install unknown apps,” “Device admin,” or “Allow to run in background,” which sometimes breaks key containers.
    • Corporate MDM / Intune profile got removed or modified.
      Check:
    • Free at least a gig or two of storage.
    • Make sure you still have a proper screen lock set (PIN, password, biometrics).
    • Look in Settings → Apps → Authenticator → Permissions and make sure nothing obvious is blocked.

  4. Backup / restore confusion
    If your accounts are suddenly gone but the app itself opens fine, the app might have:

    • Switched to a different backup identity
    • Restored from the wrong Microsoft account
    • Been reinstalled in the background during an OS update
      Go to Authenticator settings and check which Microsoft account is signed in for backups. A ton of people discover they had it linked to an old personal account while trying to use it for a work tenant. If those do not match, your “missing” accounts are probably in a different cloud backup you’re not loading.

  5. Apple / Google auto-kill behavior
    On newer iOS and Android versions, the system can get very aggressive about killing apps in the background, especially after an update or battery-related tweak from the manufacturer. Result: pushes never show, even though notifications are technically “on.”
    You already got the generic “check notifications” advice, but also:

    • On Android, turn off both battery optimization and any vendor “power saving mode.” Even after you did this once, some OEM updates reset these silently.
    • On iOS, check if “Background App Refresh” is enabled for Authenticator.

  6. Cross-tenant or “stale” sessions problem
    If your sign-in is for another tenant (like a partner organization), it might be prompting the wrong Authenticator registration or a stale one. The prompt on the sign-in page can give clues:

    • If it says “Approve sign in request in the Authenticator app” but your sign-in history shows no attempts, the registered method might be for a different tenant or user.
      Try:
    • Sign in on a browser with your email, then click “Use a different verification option” and see if it even lists Authenticator. If not, you are chasing a method that is no longer valid.

  7. When you truly have nothing and are locked out
    People hate this, but it’s worth saying bluntly: if

    • Accounts are gone from the app,
    • Authenticator is not listed as a method on Security info,
    • No SMS, no backup codes, no alternate email, no FIDO key,
      then there is no “magic bypass.” For work/school, IT has to reset MFA. For personal, the account recovery form is literally your only path, and sometimes it fails.
      The “I changed nothing” scenario often hides small things like:
    • Phone clock off after a battery drain
    • OS update that changed secure storage or root detection
    • Quiet admin policy changes

Once you get back in, seriously:

  • Keep at least two MFA methods active.
  • Print or save recovery codes somewhere offline.
  • Enable Authenticator cloud backup and verify it is tied to the account you actually use.

Right now, your fastest route depends on what type of account it is:

  • Work/school: contact IT and ask for an MFA reset, mention Authenticator shows no accounts / no prompts.
  • Personal: try any old device/browser where you might still be logged in, check Security info, then if that fails, use the recovery form.
4

Short version: if Authenticator suddenly died on you without you touching anything, think “account side” or “phone silently changed something” rather than “the app randomly broke.”

Let me add angles that weren’t really covered by @cacadordeestrelas, and push back on a couple of their points.

1. Check whether you were silently switched to “passwordless” sign‑in

Sometimes Microsoft nudges consumer accounts toward passwordless, not just work/school like people usually say.

What can happen:

  • You enrolled in “phone sign‑in” months ago (tap “Approve” instead of typing a password).
  • Microsoft or you disabled passwords for that account.
  • Now the device record used for passwordless is invalid (phone ID changed, app reinstalled, or device flagged as non‑compliant).

Result:
The sign‑in page keeps asking for an Authenticator approval, but the app does nothing or shows fewer accounts than you remember.

What to try:

  • On a browser where you might still be logged in, go to your security info page and check if “Phone sign‑in” is still listed and if the device name matches your current phone.
  • If there is an “X” next to a device or it says something like “Not working,” remove that device and re‑register Authenticator from scratch.

I slightly disagree with the idea that only admins or policy changes do this. On personal Microsoft accounts, your own earlier clicks to “try passwordless” can come back to bite you in exactly this way.

2. Clock skew & regional changes are more common than people think

Most folks ignore this, but TOTP codes and push trust checks rely on accurate time and sometimes region.

Check for:

  • Time is not set to “Automatic” or your phone’s time zone changed (travel, DST, SIM swap).
  • You used a VPN that set a weird local time or changed locale, then Authenticator or the OS cached odd region data.

What to do:

  1. Turn off and then on automatic date/time and automatic time zone.
  2. Reboot the phone.
  3. Try a code‑based login (if the site gives you a 6‑digit code option) rather than push. If codes suddenly work again, time drift was the issue.

This one is subtle and rarely mentioned, but causes “I changed nothing” failures a lot.

3. “Ghost uninstall” or app corruption after OS updates

Modern OS updates sometimes effectively reinstall apps under the hood. The app icon remains, but some private data store is reset or corrupted.

Symptoms:

  • Authenticator opens, but:
    • UI feels “first run” again, or
    • Your accounts list is partially missing, or
    • It crashes right after a sign‑in prompt comes in.

Checks that differ from what’s already been suggested:

  • In your phone’s app store history, see if Authenticator shows a very recent “update” aligned with your problem starting.
  • On Android, check if the Authenticator app size is suspiciously small under App info, as if the data portion is nearly empty.

If it looks like a ghost reinstall:

  • Back up anything you can (screenshots of remaining OTPs, etc.).
  • Fully uninstall Authenticator.
  • Reboot.
  • Reinstall and re‑add accounts from the account‑side “Security info” pages where possible.

There is no magic restore if cloud backup was not properly configured beforehand, which is the painful part.

4. Microsoft account aliases confusing Authenticator

Even without tenant / cross‑org complexity, aliases can break your brain.

Example:

  • You sign in as yourname@outlook.com.
  • Your primary alias later gets changed to yourname@live.com.
  • Authenticator backup is bound to the alias you do not usually type.

Result:

  • You think you are restoring the right thing, but the Authenticator backup identity does not match the actual login alias you are using in the browser, so the app never shows the “correct” accounts.

Try this:

  • On a browser where you can still access the account, go to account settings and list the aliases.
  • Note which email is the primary alias.
  • In Authenticator, ensure the backup account signed in at the top is that primary alias, not just “something that looks like you.”

If they do not match, sign out from the wrong backup identity in Authenticator and sign in with the correct alias, then check if the old accounts appear.

5. Push channel broken specifically for this app

@cacadordeestrelas already mentioned general notification and battery‑saving issues. There is a more targeted failure: the push registration token for Authenticator can become invalid while other apps are fine.

Hints:

  • Other notification apps (WhatsApp, Gmail) work perfectly.
  • Only Authenticator never receives prompts, even though it used to.

To isolate:

  1. Try a login that explicitly lets you choose: “Use a verification code from the app” instead of push, if offered.
    • If codes work, but pushes never appear, the problem is the push channel, not the account itself.
  2. Temporarily switch your MFA method to SMS or email, sign in, then:
    • Remove Authenticator as an MFA method,
    • Re‑add it while using the same phone.

This forces a fresh push registration. In my experience this fares better than just toggling notification settings.

6. Intune / MAM confusion for work profiles

If this is a company phone or has a work profile:

  • Sometimes the work profile version of Microsoft Authenticator is the one actually linked to your corporate account, not the personal‑profile one you are tapping.
  • An Intune policy change can leave your personal‑profile Authenticator looking normal, but all real corporate prompts are being routed to a work‑profile Authenticator that you do not open.

Quick check:

  • Open the app drawer and see if Authenticator appears twice (one in the work container).
  • Try opening the work profile version and see if your accounts show there instead.

If that is the case, you need IT to clarify which one they expect you to use and potentially retire the unused profile.

On this part I slightly diverge from the “it’s always policy” idea. Yes, policy changes can trigger it, but users also sometimes accidentally add Authenticator inside both profiles, and the “wrong” one becomes visually familiar.

7. Reality check: locked out, zero options

If all the following are true:

  • You cannot access any trusted device or logged‑in browser.
  • Authenticator shows no relevant accounts.
  • “Use another verification method” does not list anything usable (no SMS, alt email, codes, or FIDO key).

Then there is indeed no clever client‑side trick. You are stuck with:

  • Work/school: MFA reset by IT.
  • Personal: Microsoft account recovery.

Where I disagree a bit with the usual advice is this: people are told to “just fill the recovery form carefully,” but practically:

  • Do it from a device and location you have historically used with that account.
  • Use the same IP or ISP you commonly used before, if possible.
  • Submit only accurate information. Random guesses reduce your trust score.

The recovery system weighs device & location history heavily. That often matters more than how many fields you fill.

8. For when you get back in: multiple methods, no excuses

Once you escape the lockout, harden your setup:

  • Add at least two of:
    • Microsoft Authenticator
    • SMS or phone call
    • FIDO2 security key
    • Backup email
  • Print or store recovery codes offline.
  • Turn on Authenticator cloud backup and verify it uses the exact account or alias you sign in with.

@cacadordeestrelas covered many angles already and their advice is solid. The extra points above focus more on subtle account‑side weirdness, app corruption after updates, alias confusion, and more precise recovery behavior.

There is no single “product” that completely eliminates the pain here, but using Microsoft Authenticator plus at least one hardware security key works very well in practice.

Pros of relying on Microsoft Authenticator in this mix:

  • Deep integration with Microsoft accounts and Entra ID.
  • Supports passwordless sign‑in and number matching.
  • Simple backup and restore if configured correctly.

Cons:

  • Single‑device failure can still lock you out if you did not add other methods.
  • Highly sensitive to admin policies for work/school.
  • Tied closely to your phone’s integrity, OS updates, and secure storage quirks.

If you share what type of account this is (personal vs work/school, any Intune/MDM, any recent OS or alias changes), it is possible to narrow down which of these scenarios you are probably in.