
🔐 Self-Service: Change / Replace Your 2FA (MFA) Device

Microsoft 365 & Duo Security

🎯 Purpose

🟢 This guide explains how to change or add a new MFA (2FA) device BEFORE you replace your phone. Following these steps prevents account lockouts.

⚠️ IMPORTANT – DO THIS FIRST

🔴 Do NOT wipe, reset, or replace your phone before completing this guide. If you lose access to your MFA device without adding a new one, you WILL be locked out and require IT intervention.

🔑 Systems Covered

This guide applies to MFA used for:

Microsoft 365

Duo Security (VPN, RDS, Windows logon, remote access)

✅ What You Need Before You Start

Your old phone (still working)

Your new phone (powered on, internet access)

Ability to log in to Microsoft 365 and Duo

Both phones available at the same time

🟦 PART 1: Microsoft 365 – Change MFA Device

Step 1: Sign in to Microsoft Security Info

Open a browser

Go to: 👉 https://mysignins.microsoft.com/security-info

Sign in with your Microsoft 365 email & password

Approve MFA on your old device

Step 2: Add Your New Phone (Recommended)

🟢 Always ADD the new device first before removing the old one

Click ➕ Add sign-in method

Select Authenticator app

Install Microsoft Authenticator on your new phone (if not already installed)

Follow the on-screen steps to:

Scan the QR code

Approve the test sign-in

Step 3: Verify New Device Works

Confirm the new device appears under Security info

Ensure it shows Default sign-in method (if applicable)

Perform a test login if prompted

Step 4: Remove Old Phone (Only After Success)

⚠️ Remove the old device ONLY once the new one is working

Select your old phone

Click Delete

Confirm removal

🟦 PART 2: Duo Security – Change MFA Device

Step 1: Open Duo Device Management

Go to: 👉 https://portal.duosecurity.com

Log in using your normal credentials

Approve MFA using your existing Duo device

Step 2: Add a New Device

Click Add a new device

Select Mobile phone

Enter your new phone number

Install Duo Mobile on your new phone

Scan the QR code shown on screen

Step 3: Confirm Duo Push Works

Send a Duo Push

Approve it on the new phone

Confirm successful authentication

Step 4: Remove Old Duo Device

Select the old device

Choose Remove or Delete

Confirm removal

🧪 Final Checks (VERY IMPORTANT)

✅ Confirm BOTH systems work before wiping your old phone

Test the following:

Microsoft 365 login (Outlook / Web / Teams)

VPN login (if applicable)

RDS / Remote Access

Any system protected by Duo

❌ What NOT To Do

❌ Do not reset your phone before adding a new MFA device ❌ Do not assume MFA will β€œmove automatically” ❌ Do not remove your old device first ❌ Do not delay this until after the phone replacement

πŸ†˜ Locked Out?

If you are already locked out:

πŸ“§ Contact IT Support πŸ“© Email: [email protected]

Account recovery requires identity verification and manual MFA reset.

📌 Summary

✔ Add new device first

✔ Verify MFA works

✔ Remove old device last

✔ Test all services

Following this process ensures zero downtime and no lockouts 🔐

security/mfa_device_change.txt · Last modified: by admin