A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Unrequested prompts in Microsoft Authenticator almost always mean someone is repeatedly trying to sign in with the account and has reached the MFA step. The app itself does not show who the person is, but the sign-in activity pages do show what they are trying to access.
- Treat every unrequested prompt as suspicious
- When a prompt appears that was not initiated, select Deny.
- This protects the account even if someone has the correct password.
- Check what they are trying to log into (work/school account)
- Go to the My Account portal: sign in with the work or school account at My Account.
- In the left navigation, select Recent activity.
- Expand each sign-in item and review:
- App name (what they tried to access).
- Location/IP.
- Device/OS and browser.
- If any successful or unsuccessful sign-ins are not recognized, immediately change the password and then go to Security info to update MFA/security methods.
- Check sign-in activity directly in Authenticator (Android work/school)
- Open Microsoft Authenticator.
- Select the work or school account tile.
- Tap Recent account activity.
- Review each sign-in item; if anything looks unfamiliar, change the password and update security info as above.
- If this is a personal Microsoft account (Outlook.com/Hotmail/Xbox/OneDrive)
- Sign in to the Security basics page.
- Select Review activity to open the Recent activity page.
- Review all sign-ins; for anything not recognized:
- In Unusual activity: expand and choose This wasn’t me.
- In Recent activity: expand and choose Secure your account.
- Then select Change password on Security basics and set a strong, unique password.
- If there are many repeated attempts
- Microsoft Entra multifactor authentication can temporarily block further attempts when it detects repeated sign-ins.
- If these attempts are not from the legitimate user, contact the organization’s IT administrator so they can review Microsoft Entra sign-in logs and investigate possible malicious activity.
In summary: the prompts mean someone is trying to sign in to the account and has reached the MFA step. Use the Recent activity / My sign-ins pages to see what app, location, and device are involved, deny any prompts not initiated, and change the password plus review security info if anything looks suspicious.
References:
- Using Outlook mobile to sign in
- View your work or school account sign-in activity from My Sign-ins
- What happens if there's an unusual sign-in to your account
- Common problems with two-step verification for a work or school account
- Troubleshoot problems with Microsoft Authenticator
- Microsoft Authenticator FAQs