Receiving "Your single-use code" emails

Question

Receiving "Your single-use code" emails

T&J Netter 0

I have received two "Your single-use code" emails in the past three days that I do not recall requesting. What should I do to ensure that my account has not been compromised?

0 comments

2 answers

Your answer

Answer 1

John Jefferson Doyon 69,480 Independent Advisor

Hi, I'm John! I will help you with this.

If you did not request the code, do not use it and do not click any links in the email.

Can you share the sender email address so we can check if it is really from Microsoft? Please hide part of the address for privacy.

Sometimes this can happen if someone accidentally entered your email while trying to sign in, Or someone knows your account credentials and is trying to access the account. Have you already changed the password for that account?

If you haven't already, I would recommend checking the recent activity page and changing the password if you have not done so already. Also make sure two-step verification is enabled.

You can check account activity here: https://account.live.com/Activity

"How to help keep your Microsoft account secure" https://support.microsoft.com/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9

Click "Add comment" to let me know.

T&J Netter 0 Reputation points

2026-05-11T14:22:55.24+00:00

Did not request the code, did not use the code (or provide to anyone), did not click on any links, cleaned out old phone # on account, changed account password.

This is the sender email address (looks legit)

Microsoft account team******@accountprotection.microsoft.com

Don't understand how two-step verification differs from MS sending me a code on my phone or in email ?
CR H 0 Reputation points

2026-05-11T14:26:24.81+00:00

I, too, have received this e-mail the last two days. I have NOT clicked the link to log in to see Microsoft Privacy statement. I maintained the e-mails for the message source info of each email.
John Jefferson Doyon 69,480 Reputation points Independent Advisor

2026-05-11T14:28:35.64+00:00
Thank you for letting me know.

The one you shared does look genuine, especially since it’s coming from @accountprotection.microsoft.com, which is an official Microsoft domain. However, the most important part is confirming whether you actually made this change or not.

Reference: "Can I trust email from the Microsoft account team?" https://support.microsoft.com/account-billing/can-i-trust-email-from-the-microsoft-account-team-685fd302-f52f-1a9f-cc13-065dec46fe25

To help narrow down the issue:

Did you recently add a passkey or make any security changes to your Microsoft account?

If yes, then you can safely ignore the email.

If no, don’t click any links in the email just to be safe. Instead:

Open a browser and go directly to the Microsoft account website by typing it manually or use https://account.microsoft.com

Sign in and review your Recent activity https://account.live.com/Activity to check for any unfamiliar sign-ins.

Review your security info and account aliases to make sure nothing was added without your knowledge: https://account.live.com/SignInPreferences

If you see anything suspicious, change your password immediately and remove any unknown security methods.

To be safe, I recommend:

Don’t click on any links or download anything from that email.

Go directly to the Microsoft Account Activity page https://account.live.com/Activity and check your recent sign-in activity. If there’s nothing unusual there, then the message most likely isn’t from Microsoft.

If you didn’t request any changes and the email is not officially from Microsoft, it’s a good idea to ignore or report the email as phishing.

I really hope this information is helpful.

Answer 2

Do not use or reply to any verification or single-use codes that were not requested. Without those codes, an attacker cannot complete sign-in, so the account remains protected.

To help ensure the account is secure and reduce unwanted codes:

Verify the email is legitimate
- Confirm the sender domain is @accountprotection.microsoft.com. Microsoft uses this domain for account security notifications, including verification codes.
- Ensure the account referenced in the email belongs to you and that no one else with access to your devices requested the code.
Treat unrequested codes as possible attack attempts
- Unrequested codes can mean:
  1. Someone is trying to access the account.
  2. Someone mistyped their phone/email when signing in.
  3. A delayed delivery of a code requested earlier.
- As long as the code is not entered anywhere, the attacker cannot sign in.
Strengthen sign-in security
- Sign in to the account and review security info (phone numbers, email aliases, sign-in methods) to ensure everything listed is recognized.
- Consider going passwordless to reduce reliance on passwords that can be guessed or phished. Passwordless options include Windows Hello, Microsoft Authenticator, SMS/Email codes, and physical security keys. See Go passwordless guidance in the referenced articles.
If codes continue or the device is lost/stolen
- If a mobile device used for verification is lost or stolen, either:
  - Sign in using a different method, or
  - Contact the organization’s Help desk (for work/school accounts) to clear security settings so they can be re-registered.

If at any point sign-in activity or security info looks unfamiliar, follow the hacked/compromised-account recovery guidance from Microsoft Support (see referenced articles) and update passwords and security methods immediately.

References:

Share via

Receiving "Your single-use code" emails

2 answers

Your answer