MFA user cannot access mobile phone, e.g. lost phone (workaround)
One-time bypass is the solution:
The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of seconds.
In situations where the mobile app or phone is not receiving a notification or phone call, you can allow a one-time bypass so the user can access the desired resource.
Create a one-time bypass
Sign in to the Azure portal as an administrator.
Browse to Azure Active Directory > MFA Server > One-time bypass.
If necessary, select the replication group for the bypass.
Enter the username as email@example.com.
Enter the number of seconds that the bypass should last.
Enter the reason for the bypass.
The time limit goes into effect immediately.
The user needs to sign in before the one-time bypass expires.
View the one-time bypass report
Sign in to the Azure portal.
Browse to Active Directory > MFA Server > One-time bypass.
Always use the MFA Phone Auth app and make sure you have configured a secondary phone number.