
I do not have any Azure Portal services yet I'm receiving alerts from Microsoft.

Diane Macomber 20 Reputation points
2026-03-05T15:01:06.7466667+00:00

I received an Azure Monitor Alert but I don't have any Azure services. This came from azure-noreply@microsoft.com. I tried to log in to the Azure Portal to see if my account was used but it says I have no access there. What is this?

Azure monitor alert rule Transaction Completed-22190633 was triggered for receipt22190633 at March 5, 2026 14:23 UTC.

To be clear: I do not have any Azure portal deployments or services.

Outlook | Web | Outlook.com | Email

3 answers

  1. Bharath Y P 7,340 Reputation points Microsoft External Staff Moderator
    2026-03-18T13:18:20.5466667+00:00

    Hello Diane Macomber, thank you for posting your query on the Microsoft Q&A platform.

    What you’re describing closely aligns with a known scam pattern involving Azure alert emails.

    In these cases, attackers first gain access to an Azure subscription and then deliberately configure alert rules to send notifications to external email addresses (such as yours). They subsequently trigger those alerts. While the emails are technically generated by Azure, the alert message content itself is authored by the attackers.

    These emails typically include alarming language such as:

    • references to a “Fraud Prevention System” or “Windows Defender,”
    • warnings about large, suspicious charges,
    • threats of account suspension, and
    • a so‑called “Fraud Resolution” or “Support Hotline” phone number.

    The objective is to pressure recipients into calling that number, where the scam continues.

    Important guidance:

    • Do not call any phone number mentioned in the email.
    • Do not click any links included in the message.
    • Simply delete the email.

    It’s worth noting that these messages can appear convincing because they are sent from legitimate Microsoft email infrastructure. However, Microsoft does not include phone numbers or urgent call‑to‑action language like this in genuine Azure alert notifications.

    Reference: https://malwaretips.com/blogs/microsoft-azure-alert-was-triggered-scam-exposed-investigation/

    If the provided information helped, kindly consider marking the answer as "Accepted" and "Upvote" it. This helps other community members who may encounter a similar issue in the future.

    If you have any queries, please feel free to reach out to us.

    Thanks,

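The indicators listed in the answer above can be checked on the mailbox side. The following Python code is an added example, not part of the original thread and not Microsoft code: it flags mail from the Azure alert sender addresses quoted on this page whose text carries those lure themes or a phone number. The function name, regexes and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Sender addresses quoted on this page (a third one is masked there and left out).
AZURE_ALERT_SENDERS = {"azure-noreply@microsoft.com", "azureemail-noreply@microsoft.com"}
# Lure themes come from the answer above; the regexes are this example's assumptions.
LURES = {
    "fake_security_brand": re.compile(r"fraud prevention system|windows defender", re.I),
    "charge_warning": re.compile(r"suspicious\s+(charge|transaction|payment)", re.I),
    "suspension_threat": re.compile(r"account\s+(will\s+be\s+)?suspen", re.I),
    "hotline": re.compile(r"fraud resolution|support hotline", re.I),
}
# Loose North American phone matcher (assumption; widen for other number formats).
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def triage_alert_email(raw: str) -> dict:
    """Report which scam indicators appear in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    # Header check only: assumes the gateway already validated SPF/DKIM/DMARC.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    hits = sorted(name for name, rx in LURES.items() if rx.search(text))
    if PHONE.search(text):
        hits.append("phone_number")
    if sender not in AZURE_ALERT_SENDERS:
        verdict = "not_azure_alert"
    else:
        # Genuine Azure sender plus attacker-authored lure text is the scam pattern.
        verdict = "likely_scam" if hits else "no_indicators"
    return {"sender": sender, "indicators": hits, "verdict": verdict}

# Constructed sample messages (not real emails; the phone number is fictional).
SCAM = (
    "From: Microsoft Azure <azure-noreply@microsoft.com>\n"
    "Subject: Azure Monitor alert rule was triggered\n\n"
    "Fraud Prevention System: a suspicious charge of $489.00 was detected.\n"
    "Your account will be suspended. Call the Support Hotline at +1 (555) 010-0199.\n"
)
BENIGN = (
    "From: Microsoft Azure <azure-noreply@microsoft.com>\n"
    "Subject: Azure Monitor alert 'High CPU' was triggered\n\n"
    "Percentage CPU exceeded threshold 90 on vm-web-01 at 14:23 UTC.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(name, triage_alert_email(raw))
```

A `likely_scam` verdict here means the message passed as real Azure mail yet carries attacker-style content, which is the case a sender allow-list alone would miss.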

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  3. Q&A Assist
    2026-03-05T15:01:18.19+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The email is an Azure Monitor alert notification sent from a legitimate Azure alerts sender address, but it does not by itself prove that an Azure subscription or resource is under control.

    Azure Monitor alerts are generated when an alert rule on some Azure resource fires. When that happens, Azure sends notifications (email/SMS/push/webhook, etc.) to the recipients configured in the alert rule’s action group. The sender addresses used for email alerts include:

    • azure-noreply@microsoft.com
    • azureemail-noreply@microsoft.com
    • ******@mail.windowsazure.com

    If an alert was received but there is no visible access to any Azure resources in the portal, the most likely explanations are:

    1. The email address is configured as a recipient in an action group on someone else’s Azure subscription (for example, a former employer, a shared project, or a tenant where there is no longer access).
    2. The email was forwarded via a distribution list or alias that is configured in an action group.
    3. The alert is legitimate but unwanted because there is no current relationship with the Azure environment that owns the alert rule.

    To stop receiving such alerts, the relevant action group configuration in Azure Monitor must be changed by an administrator of the subscription/tenant that owns the alert rule (for example, removing the email address from the action group or suppressing actions via an alert processing rule). If there is no way to contact that administrator, the only direct control is on the mailbox side (for example, treating the messages as unwanted and filtering or blocking them), but that does not change the Azure configuration.

    If similar alerts are expected but individual messages are missing, the troubleshooting steps for “I didn’t receive the expected email” in Azure Monitor include checking alert processing rules, action group configuration, and email filtering, and verifying that the sender addresses above are allowed.

