πŸ” Self-Service: Change / Replace Your 2FA (MFA) Device Microsoft 365 & Duo Security 🎯 Purpose 🟒 This guide explains **how to change or add a new MFA (2FA) device BEFORE you replace your phone**. Following these steps **prevents account lockouts**. ⚠️ IMPORTANT – DO THIS FIRST πŸ”΄ **Do NOT wipe, reset, or replace your phone before completing this guide.** If you lose access to your MFA device **without adding a new one**, you **WILL be locked out** and require IT intervention. πŸ”‘ Systems Covered This guide applies to MFA used for: Microsoft 365 Duo Security (VPN, RDS, Windows logon, remote access) βœ… What You Need Before You Start Your old phone (still working) Your new phone (powered on, internet access) Ability to log in to Microsoft 365 and Duo Both phones available at the same time 🟦 PART 1: Microsoft 365 – Change MFA Device Step 1: Sign in to Microsoft Security Info Open a browser Go to: πŸ‘‰ https://mysignins.microsoft.com/security-info Sign in with your Microsoft 365 email & password Approve MFA on your old device Step 2: Add Your New Phone (Recommended) 🟒 **Always ADD the new device first before removing the old one** Click βž• Add sign-in method Select Authenticator app Install Microsoft Authenticator on your new phone (if not already installed) Follow the on-screen steps to: Scan the QR code Approve the test sign-in Step 3: Verify New Device Works Confirm the new device appears under Security info Ensure it shows Default sign-in method (if applicable) Perform a test login if prompted Step 4: Remove Old Phone (Only After Success) ⚠️ Remove the old device **ONLY once the new one is working** Select your old phone Click Delete Confirm removal 🟦 PART 2: Duo Security – Change MFA Device Step 1: Open Duo Device Management Go to: πŸ‘‰ https://portal.duosecurity.com Log in using your normal credentials Approve MFA using your existing Duo device Step 2: Add a New Device Click Add a new device Select Mobile phone Enter your new phone number Install Duo Mobile on your new phone Scan the QR code shown on screen Step 3: Confirm Duo Push Works Send a Duo Push Approve it on the new phone Confirm successful authentication Step 4: Remove Old Duo Device Select the old device Choose Remove or Delete Confirm removal πŸ§ͺ Final Checks (VERY IMPORTANT) βœ… Confirm BOTH systems work before wiping your old phone Test the following: Microsoft 365 login (Outlook / Web / Teams) VPN login (if applicable) RDS / Remote Access Any system protected by Duo ❌ What NOT To Do ❌ Do not reset your phone before adding a new MFA device ❌ Do not assume MFA will β€œmove automatically” ❌ Do not remove your old device first ❌ Do not delay this until after the phone replacement πŸ†˜ Locked Out? If you are already locked out: πŸ“§ Contact IT Support πŸ“© Email: **help@mmc24.com** Account recovery requires identity verification and manual MFA reset. πŸ“Œ Summary βœ” Add new device first βœ” Verify MFA works βœ” Remove old device last βœ” Test all services Following this process ensures zero downtime and no lockouts πŸ”