Repeated Microsoft Authenticator sign-in requests from unknown person

7 Olsen 0 Reputation points
2026-06-30T16:40:09.02+00:00

Hello,

I have a Microsoft account that uses my Gmail address as the sign-in email.

For the past several weeks/months, I have been receiving repeated Microsoft Authenticator number-matching sign-in requests that I did not initiate. Someone appears to be repeatedly trying to sign in to my account.

I have:

  • Changed my Microsoft account password multiple times.
  • Enabled Microsoft Authenticator with number matching.
  • Verified that only my own PC appears under Devices.
  • Never approved any unexpected sign-in requests.

Despite this, I continue receiving unauthorized Authenticator prompts.

I would like assistance with:

  1. Determining whether someone has access to my account or is only attempting to sign in.
  2. Stopping these repeated unauthorized sign-in attempts.
  3. Confirming whether changing my sign-in alias is the recommended solution.
Microsoft Security | Microsoft Authenticator
0 comments No comments

1 answer

Sort by: Most helpful
  1. Julie Huynh 1,530 Reputation points Independent Advisor
    2026-07-01T10:03:08.1633333+00:00

    Dear @7 Olsen,

    Good day! Welcome to Microsoft Q&A forum!

    Based on your description, I understand that you have been receiving repeated Microsoft Authenticator sign-in requests that you did not initiate, despite changing your password, enabling MFA with number matching, and verifying that only your device is associated with the account. You would like assistance determining whether these are unsuccessful sign-in attempts or signs of account compromise, how to stop the unauthorized prompts, and whether changing your sign-in alias is the recommended solution.The good news is that, based on the information you've shared so far, there is no indication that someone has successfully accessed your account.

    In most cases, this happens when your email address becomes exposed online, this can occur through past data breaches, leaks from websites you’ve signed up for, or even public listings where your email is visible. Once an email address is out there, it often gets picked up and circulated in large databases that are traded or shared across the internet.

    That’s why you may suddenly see repeated sign-in alerts or 2FA prompts even though nothing has happened to your account directly.

    Since you've changed your password, enabled Microsoft Authenticator with number matching, verified your devices, and have not approved any unexpected sign-in requests, your security controls appear to be working as intended and are helping prevent unauthorized access.

    Furthermore, depending on your account type:

    1-If this is a Personal Microsoft Account:

    One of the most effective solutions is the alias sign-in method, which is commonly recommended when attackers continue targeting a known sign-in address.

    This involves:

    This prevents attackers from attempting to sign in using the email address they already know while allowing you to continue using the account normally.

    2-If this is a Work or School Account: I recommend contacting your organization's IT administrator. They can:

    Kindly let me know when there are updates or if you need further assistance. Any updates you’re able to share would be really helpful. I appreciate your time and look forward to hearing how things are going! 

    Thank you for your time and patience.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    3 people found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.