Activity Missing from "View My Sign-in Activity"

I have had the same experience as the Original Poster (OP), GaryJE. I had been visiting the recent activity page frequently in late 2024 and early 2025, and I was surprised to see the amount of activity from around the world, as the OP indicated. Essentially all of the bogus sign in attempts were unsuccessful, because of "incorrect password". For example between 12/8/2024 and 1/5/2025, there were 112 login attempts and only 2 successes. For one period, I was averaging 4 failed attempts per day. This had been typical for many months. Typically a hundred or more failed attempts/month.

The successful attempts were all recognized as legitimate, by me, and therefore not an issue. When I highlighted attempts that were not successful, the page indicated there was "no problem", because the attempts failed without the correct password. OK, so fine, at least my password was OK. At the same time, I conclude my account login name is widely available, for the time being. The last time l visited the page was a few months ago, and the information was similar, although I didn't record the numbers.

This level of attempted hacks is astounding to me. So what? What should I do to reduce this excessive load on our collective systems, (mostly Microsoft services and networks). Should I change my email/login ID? How frequently? Should I increase the complexity of my login and password? Yes, I can use a passkey, but does that help? Seems like it would, but how about a passkey AND a second factor?

Today, I looked at the same source, and found only 2 successful attempts. Yes they were still me, and thus appropriate. But what about the unsuccessful hack attempts? Did they go away? Or has Microsoft just deprecated the information available on this page of "my account".

I have a feeling that in the last few months, Microsoft has made some kind of major change in the presentation of data, such that only the information for successful logins is being shown. Or perhaps successful logins and unsuccessful logins that were precluded or prevented by other criteria, such as unusual locations?

Clearly I am no longer seeing the hundred or more sign in attempts that I was seeing a few months ago. Yes, I am happy that the only successful logins are ones that I am responsible for, but I am unhappy that information of some use to me, is now completely absent.

One more detail is important. The attempts and successes listed are not comprehensive. They represent only a part of my logins - apparently routine logins to collect my emails from my MS account do not get tracked by the subject page. I routine check and download my emails from all my accounts, one of which is a MS Hotmail account. When working, typically multiple times/day. Clearly, those logins to my Hotmail are NOT included in the account access listing provided in the aforementioned page. Perhaps it only lists logins to the account page to deal with subscriptions, security settings, account profile information, and other global data for my account? The conclusion from this observation is that the number of logins listed on the subject page significantly under-represents the totality of attempts to break into my MS account.

All of this leads me to several questions:

1. Please explain what criteria / filtering Microsoft has changed such that the larger picture of hack attempts is now gone
2. Why such a major change in the behavior of this page for our account information was made.
3. What changes should we, the users of MS services, emails, etc., implement to reduce the risk of successful break-ins to our accounts.
4. How we can all learn about the percentage of our network traffic that is bogus, and reduce it, (for example, passkeys and access only to selected devices could be a part of this). In my case, with multiple emails from multiple providers, the overall load on our computing environment is likely many times the 100 failed hacking attempts / month that I noted for one account from one provider.

Could MS and/or your volunteers suggest better sources of data and recommended actionable steps for responsible users to take, to help reduce the impact of malicious hacking and other related security and privacy concerns?  I know this is like world hunger.  But are there effective, practical steps for users to take today, to reduce the hacking traffic on our networks??

Same boat here. I just recently received an unsolicited Microsoft Authenticator login, so was curious to find why and where that came from, only to realize that the activity page only shows successful logins now. This is particularly concerning for trying to verify problematic login attempts.

If this was an intentional change on Microsoft's part, it's an unwelcome one.

HI

I check the activity at the end of each month and generally there are between 100-120 unsuccessful attempts each month. Now I can only see my current login. At least I know it's not me.

I just want to know why this information is no longer available?

I'm in the same boat. Used to see all the failed login attempts, geolocation, IP address, etc. Now, nothing. No successful logins. No failed logins. Just the column headers and no attempts of any type listed.

I went into the page because I'd just denied one of those Authenticator approval notifications on my phone, which did not correspond to my logging into anything. I wanted to look to see information about the denial, but the formerly useful activity page is now worthless. I tried multiple browsers, going into the activity from Authenticator, etc. Makes no difference.

This all seems like a step backwards. I wanted to see if the login request I'd denied was possibly Office or desktop Outlook reconfirming login credentials, as it does at intervals.

If the Activity page is now being filtered to this extent, it is now worse than showing too much info. I manually denied a login. If that doesn't appear on the page, of what use is it?

Great post, Bobc4000. I hope that you get a reply. I am still seeing the same, very limited sign-in activity as you and I described, several days after first noticing the issue. I think that this is significant lapse in Microsoft's security protocols.