Constant sign in attempts

Robin Brown 0 Reputation points
2026-06-28T20:50:56.98+00:00

I’m get constant sign in attempt notifications from scammers who are obviously trying to hack my account. I need them to stop.

Microsoft Security | Microsoft Authenticator

1 answer

Sort by: Most helpful
  1. AI answer

    2026-06-28T20:51:24.09+00:00

    To reduce or stop constant sign-in attempt notifications while keeping the account secure, use these steps and checks.

    1. Review recent sign-in activity
    • For a personal Microsoft account, go to the Security basics page.
    • Select Review activity to open the Recent activity page.
    • Check each sign-in entry:
      • If any activity is not recognized, in the Unusual activity section select This wasn't me, or in Recent activity select Secure your account.
      • Follow the prompts to secure the account (this can include changing the password and reviewing security info).
    1. Change password and strengthen security
    • From the Security basics page, select Change password and set a strong, unique password.
    • On the Advanced security options page, select Add a new way to sign in or verify and add at least one extra method (for example, phone, alternate email, or Microsoft Authenticator). This makes it easier to recover the account if attackers keep trying.
    • Ensure all phone numbers and email addresses listed for verification are up to date and belong only to the account owner.
    1. Use Outlook/Microsoft Authenticator notifications safely
    • If sign-in notifications are coming via Outlook mobile and they are unwanted, open Outlook mobile:
      1. Go to SettingsAccounts → select the account.
      2. Select AccountSign-in requests.
      3. Turn off Allow sign-in requests.
    • If Outlook mobile is used as a sign-in method and later needed again, the same path can be used to re-enable Allow sign-in requests.
    • Microsoft Authenticator can also be used as a secure sign-in method instead of Outlook mobile.
    1. Handle unusual sign-in alerts correctly
    • When email or SMS alerts about unusual sign-ins arrive:
      • Only trust messages from the Microsoft account team (for example, the sender described in the guidance).
      • If the alert is about activity that is not recognized, follow the link in the alert to review activity and secure the account.
    1. If repeated attempts continue
    • Repeated failed attempts may be attackers trying to guess the password or trigger MFA. Microsoft systems may temporarily block additional attempts when unusual patterns are detected.
    • If unable to sign in because of too many attempts, wait for the lockout to clear or use another configured MFA method.
    • For work or school accounts, contact the organization’s IT administrator and ask them to review Microsoft Entra sign-in logs for suspicious activity.

    These steps do not stop attackers from trying altogether, but they ensure that:

    • The account remains secure even if attackers keep attempting sign-ins.
    • Any suspicious or successful sign-in is quickly detected and blocked by changing the password and updating security info.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.