![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, this is Emily.
There are only two scenarios when you received these codes.
Scenario 1: Someone indeed has your password and triggers the code to be sent to you. In this case, you should be able to see these sign in attempts in your sign in activities. And it should stop as long as you change your password.
Scenario 2: Someone used your email address as their security method. In that case, you have nothing to lose as it is not a way for them to get into your account. In fact, it is their account more at risk than yours. So hopefully they will give up or change the security info on their account after they realize the mistake. Microsoft wouldn't be able to reveal to you who that is and intervene. Also people like us in this forum are not Microsoft employees, so we wouldn't be able to do that either. We are simply peer users/more experienced users.
I will suggest that you go to your account https://account.microsoft.com, sign in, then go to Security > Advance Security Option, and consider adding a different security contact info there, and then use that as your preferred method. That way, you know for sure the code is not requested by anyone trying to get into your account if the code is received in your currrent contact method.