A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Dear @7 Olsen,
Good day! Welcome to Microsoft Q&A forum!
Based on your description, I understand that you have been receiving repeated Microsoft Authenticator sign-in requests that you did not initiate, despite changing your password, enabling MFA with number matching, and verifying that only your device is associated with the account. You would like assistance determining whether these are unsuccessful sign-in attempts or signs of account compromise, how to stop the unauthorized prompts, and whether changing your sign-in alias is the recommended solution.The good news is that, based on the information you've shared so far, there is no indication that someone has successfully accessed your account.
In most cases, this happens when your email address becomes exposed online, this can occur through past data breaches, leaks from websites you’ve signed up for, or even public listings where your email is visible. Once an email address is out there, it often gets picked up and circulated in large databases that are traded or shared across the internet.
That’s why you may suddenly see repeated sign-in alerts or 2FA prompts even though nothing has happened to your account directly.
Since you've changed your password, enabled Microsoft Authenticator with number matching, verified your devices, and have not approved any unexpected sign-in requests, your security controls appear to be working as intended and are helping prevent unauthorized access.
Furthermore, depending on your account type:
1-If this is a Personal Microsoft Account:
One of the most effective solutions is the alias sign-in method, which is commonly recommended when attackers continue targeting a known sign-in address.
This involves:
- Creating a new Outlook.com alias with a unique name
- Setting the new alias as the primary sign-in alias
- Disabling sign-in permissions for the current Gmail alias
- For your reference: Change the email address for your Microsoft account | Microsoft Support
This prevents attackers from attempting to sign in using the email address they already know while allowing you to continue using the account normally.
2-If this is a Work or School Account: I recommend contacting your organization's IT administrator. They can:
- Review sign-in logs in detail
- Apply stricter security policies
- Help reduce or block repeated authentication prompts
- For your reference: Getting too many authentication attempts on my account - Microsoft Q&A
Kindly let me know when there are updates or if you need further assistance. Any updates you’re able to share would be really helpful. I appreciate your time and look forward to hearing how things are going!
Thank you for your time and patience.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.