Unusual sign in activity emails from the Microsoft Account Team received this morning

Question

I have received a number of unusual sign in activity emails from Microsoft this morning and cannot locate any of these in the system at present

Answer 1

Hello, I’m Quinn and I’m here to help!

If you’re receiving “unusual sign-in activity” emails but do not see the same activity listed in your Microsoft account’s Recent Activity page https://account.live.com/Activity , there are a few possible explanations:

The emails could be delayed notifications from earlier attempts.

The sign-in attempts may have been blocked before fully registering in your activity history.

The emails may not be legitimate Microsoft emails (phishing).

First, please verify the activity directly by signing in to your account at the official Microsoft account security page (do not use links from the email). Check the Recent Activity section there. If the activity does not appear in your account:

Do not click any links in the email.

Check the sender’s full email address carefully.

Consider marking the message as phishing if it appears suspicious.

As a precaution, I recommend:

Changing your password

• Enabling two-step verification (if not already enabled)
• Sign out of all active sessions, ensuring you have access to your password and updated recovery information beforehand

Answer 2

Thank you for your prompt response. Please note that the unusual sign in requests that were included in the emails from the Accounts Team this morning are not recognised in the system at present and therefore they cannot be marked in the system as not from me.

Answer 3

Use the Microsoft account security pages to confirm whether those emails correspond to real sign-ins and to secure the account if necessary.

1. Sign in at the Security basics page for the Microsoft account.
2. Select Review activity to open the Recent activity page. This page lists all sign-ins for the last 30 days and may include an Unusual activity section.
3. Expand each listed event and compare the date, time, location, device/OS, and browser/app details with what appears in the emails:
   • If an event is under Unusual activity and is not recognized, choose This wasn’t me so Microsoft can help secure the account.
   • If an event is only under Recent activity and looks unfamiliar, expand it and select Secure your account.
4. If any activity appears unauthorized, go back to the Security basics page and select Change password. Set a strong, unique password and do not reuse it on other sites.
5. If sign-in fails (for example, if someone changed the password), follow the steps in When you can't sign in to your Microsoft account and, when prompted, choose I think someone else is using my Microsoft account to start account recovery.
6. For Outlook.com or Microsoft consumer email specifically:
   • Go directly to the Recent activity page to see when and where the account was accessed, including security challenges.
   • If the unusual sign-in emails themselves look suspicious (strange sender address, unexpected links), do not click any links in them. Instead, always open a browser and go directly to the Microsoft account pages above to verify activity.

If the Recent activity page shows no matching unusual sign-ins for the times mentioned in the emails, the messages are likely phishing or unrelated to the real account and can be deleted or reported as junk/phishing.

---

References:

• What happens if there's an unusual sign-in to your account
• What is the Recent activity page?
• Help protect your Outlook.com email account
• Email is missing from your Outlook.com inbox
• Troubleshoot Microsoft verification code issues