Unknown Login

Daniel Farling 0 Reputation points
2026-07-03T21:10:51.4133333+00:00

Two days ago, I saw an unknown log in and denied it on my authenticator. I changed my password and didn't think too much about it. Saw it again today, and now I'm concerned. Is there a way to see the IP the login attempt is coming from? I'm hoping it's just my computer automatically trying to login or sync something, but I can't confirm because the authenticator doesn't give information more specific than Country and OS.

Microsoft Security | Microsoft Authenticator
0 comments No comments

2 answers

Sort by: Most helpful
  1. Nathan Roberts (SN) 12,236 Reputation points Student Ambassador Volunteer Moderator
    2026-07-04T20:41:00.62+00:00

    Hey there, Daniel Farling

    Yes, you can view the recent sign‑in activity for your account. You just need to use the right page depending on the type of account you have.

    If you are using a personal Microsoft account, please sign into your Microsoft account on the activity page here: https://account.live.com/Activity

    Your recent activity for the account will be displayed along with what was changed, if you have changed anything on your Microsoft account.

    If you are using a work/school account, please sign into your activity page, using your work/school account here: https://mysignins.microsoft.com/

    Once you have signed into your account, please click onto "Recent activity" found under "My Account" to view the sign‑in attempts for your organisation account.

    User's image

    If the failed sign‑in attempt isn’t showing, it usually means the attempt didn’t make it through the full authentication workflow. When it doesn’t reach the final stage, it simply doesn’t get logged.

    Given that this only happened a few times, it could be someone typing the wrong email address by mistake. It doesn’t sound like credential stuffing, although it doesn’t completely rule out someone trying to access your account. In case, please make sure your security info is up to date on your account’s security page so everything stays protected.

    Hope this helps,
    Nathan

    Was this answer helpful?

    0 comments No comments

  2. AI answer

    2026-07-03T21:11:10.18+00:00

    Yes. The IP address and more detailed information about those sign-in attempts can be viewed in your account’s sign-in activity pages.

    For a work or school account (Microsoft Entra / organizational account):

    1. Go to the My Account portal and sign in with the same work/school account.
    2. In the left navigation, select Recent activity.
    3. Expand the relevant sign-in entries. You’ll see details such as:
      • IP address
      • Approximate location (based on IP)
      • Device/OS and browser/app used
    4. If any sign-in looks unfamiliar, change your password again and review your security info at Security info.

    You can also:

    • Filter/search sign-ins (for example, by Unsuccessful or by device/OS) on the Review recent activity page to narrow down suspicious attempts.
    • Use the Microsoft Authenticator app (Android) → open your work/school account → Recent account activity to review sign-ins from mobile.

    For a personal Microsoft account:

    1. Go to your Recent activity page (from the Microsoft account dashboard).
    2. Expand each activity under Recent activity or Unusual activity to see:
      • IP address
      • Map-based location
      • Device/OS and browser/app used
    3. Mark entries as This was me or This wasn’t me in the Unusual activity section, and if anything looks suspicious, go to the Security settings page to change your password and update security info.

    Note that IP-to-location mapping is approximate, and mobile networks/VPNs can make a legitimate sign-in appear from a different region. Always cross-check device, OS, browser, and app details, not just the location.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.