Starting October 14, 2023, I began getting multiple notifications from
Microsoft account team <******@accountprotection.microsoft.com>
Microsoft account unusual sign-in activity
Microsoft account
Verify your account
We detected something unusual about a recent sign-in for the Microsoft account <removed>@outlook.com. For example, you might be signing in from a new location, device, or app.
To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you secure your account. To regain access, you'll need to confirm that the recent activity was yours.
[Review recent activity]
Thanks,
The Microsoft account team
It started with one of the lesser-used accounts (I use POP3 to fetch emails to my Gmail account(s)), which has a long history of successful syncs with a Google datacenter IP (IP: 2607:f8b0:4864:20::### is pretty typical, although I did notice for some reason one of my accounts seems to sync with the data center in Ireland). Then there was one flagged unsuccessful sync followed immediately by a successful one at the same time, followed by many other successful syncs. Example:
Protocol: POP3
IP: 2607:f8b0:4864:20::227
Account alias: <removed>@outlook.com
Time: 12 hours ago
Approximate location: Not available
Type: Successful sync
Protocol: POP3
IP: 2607:f8b0:4864:20::227
Account alias: <removed>@outlook.com
Time: 12 hours ago
Approximate location: United States
Type: Unusual activity detected
I did go ahead and change the password on that account, but it still happens about once or twice a day. Was going to enable 2FA, but that means generating app-specific passwords, and looking at others that have had this happen - IF I can still get POP3/IMAP to work for sync, it won't fix the issue (so please don't tell me to enable 2FA and it will be fixed).
Then it propagated to ALL my other Outlook and Hotmail accounts, as well as ALL of my spouse's (also POP3 synced to a Gmail account).
This is the same pattern - multiple successful sync sessions to a Google IP address, and the occasional "unusual activity detected" followed by a successful sync immediately after, to the same Google IP address. The following and previous successful syncs are all to Google IP addresses with variation on the last block of the interface ID.
Not just one, or a couple, or just me. It's both my accounts and my spouse's getting flagged once or twice a day. And it's not just email alerts; some of the accounts are sending text alerts (sometimes at 2 or 3 AM) for unusual activity.
Clicking and confirming that I recognize unusual activity as "this was me" does not do anything, presumably because the IP address varies with the interface ID portion of the IP address.
I should also mention that every one of the accounts has a unique and complex password.
This has happened in the past, but it's been normally once or twice and only on one or two accounts.
There appears to be an increase of these false notifications recently, so I'm not the only one.
https://answers.microsoft.com/en-us/outlook_com/forum/all/ms-unusual-activity-detected-email-from-same-ip-as/732bc279-dd9d-465e-8c7c-e9f2caeb54ee
https://answers.microsoft.com/en-us/outlook_com/forum/all/unusual-activities-at-my-mail-accounts/9830404c-7ec1-453c-8be4-a5d25b814603
https://answers.microsoft.com/en-us/outlook_com/forum/all/constant-unusual-sign-in-activity-notifications/8b79ad2e-b100-4cbc-aed7-c5c37b1a9718
https://answers.microsoft.com/en-us/windows/forum/all/is-my-microsoft-account-okay-after-unusual/346ad170-0d24-4ba4-8fc3-12288b26a117
I think it's pretty evident that something on Microsoft's side is incorrectly flagging these routine activities as "unusual".
- The IP addresses are legit for the sync sessions
- The message I'm receiving is legit from MS (i.e. not a scam)
- Changing passwords, 2FA (from others trying it), and identifying these as "recognized" doesn't fix the issue.
- This has happened before with acknowledged issues on MS side.
- My software, computer, browser(s) are all updated
What is Microsoft doing to identify the origins of these false "unusual activity" alerts?
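
For anyone triaging the same alerts, the comparison described in the post (flagged and successful syncs differing only in the interface ID) can be checked mechanically. This is an added example, not part of the original post: it parses activity entries in the layout quoted above and reports whether each flagged address falls in a /64 that also has successful syncs. The sample entries, the alias `user@example.com` and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of the activity entries quoted in the post.
_T = ("Protocol: POP3\nIP: {}\nAccount alias: user@example.com\n"
      "Time: 12 hours ago\nApproximate location: Not available\nType: {}\n")
SAMPLE = "".join(_T.format(ip, kind) for ip, kind in [
    ("2607:f8b0:4864:20::227", "Successful sync"),
    ("2607:f8b0:4864:20::227", "Unusual activity detected"),
    ("2607:f8b0:4864:20::22b", "Successful sync"),
    ("2001:db8:5:6::1", "Unusual activity detected"),  # documentation prefix
])

def parse_entries(text):
    """Turn 'Key: value' lines into one dict per entry; 'Protocol' starts an entry."""
    entries = []
    for line in text.splitlines():
        # Split on the first ': ' only, so the colons inside IPv6 addresses survive.
        key, sep, value = line.partition(": ")
        if not sep:
            continue
        if key == "Protocol":
            entries.append({})
        if entries:
            entries[-1][key] = value.strip()
    return entries

def net64(ip):
    """Return the /64 network of an IPv6 address (the /32 host for IPv4)."""
    addr = ipaddress.ip_address(ip)
    prefix = 64 if addr.version == 6 else 32
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def triage(entries):
    """For each flagged entry, count successful syncs seen from the same /64."""
    good = Counter(net64(e["IP"]) for e in entries
                   if e.get("Type") == "Successful sync")
    report = []
    for e in entries:
        if e.get("Type") == "Unusual activity detected":
            n = net64(e["IP"])
            verdict = "same-network" if good[n] else "new-network"
            report.append((e["IP"], str(n), good[n], verdict))
    return report

if __name__ == "__main__":
    for row in triage(parse_entries(SAMPLE)):
        print(row)
```

A "same-network" result only shows that the flagged address sits in the same /64 as syncs already logged as successful; a "new-network" result is the case worth reviewing by hand.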