Fake login. Microsoft authenticator.

Scott Byrum 0 Reputation points
2026-07-01T23:36:27.23+00:00

I keep getting a login attempts through my Microsoft authenticator. How do I find out who is doing this? What are they trying to log into?

Microsoft Security | Microsoft Authenticator
0 comments No comments

1 answer

Sort by: Most helpful
  1. AI answer

    2026-07-01T23:36:42.3066667+00:00

    Unrequested prompts in Microsoft Authenticator almost always mean someone is repeatedly trying to sign in with the account and has reached the MFA step. The app itself does not show who the person is, but the sign-in activity pages do show what they are trying to access.

    1. Treat every unrequested prompt as suspicious
    • When a prompt appears that was not initiated, select Deny.
    • This protects the account even if someone has the correct password.
    1. Check what they are trying to log into (work/school account)
    • Go to the My Account portal: sign in with the work or school account at My Account.
    • In the left navigation, select Recent activity.
    • Expand each sign-in item and review:
      • App name (what they tried to access).
      • Location/IP.
      • Device/OS and browser.
    • If any successful or unsuccessful sign-ins are not recognized, immediately change the password and then go to Security info to update MFA/security methods.
    1. Check sign-in activity directly in Authenticator (Android work/school)
    • Open Microsoft Authenticator.
    • Select the work or school account tile.
    • Tap Recent account activity.
    • Review each sign-in item; if anything looks unfamiliar, change the password and update security info as above.
    1. If this is a personal Microsoft account (Outlook.com/Hotmail/Xbox/OneDrive)
    • Sign in to the Security basics page.
    • Select Review activity to open the Recent activity page.
    • Review all sign-ins; for anything not recognized:
      • In Unusual activity: expand and choose This wasn’t me.
      • In Recent activity: expand and choose Secure your account.
    • Then select Change password on Security basics and set a strong, unique password.
    1. If there are many repeated attempts
    • Microsoft Entra multifactor authentication can temporarily block further attempts when it detects repeated sign-ins.
    • If these attempts are not from the legitimate user, contact the organization’s IT administrator so they can review Microsoft Entra sign-in logs and investigate possible malicious activity.

    In summary: the prompts mean someone is trying to sign in to the account and has reached the MFA step. Use the Recent activity / My sign-ins pages to see what app, location, and device are involved, deny any prompts not initiated, and change the password plus review security info if anything looks suspicious.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.