A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Those prompts mean someone or something is repeatedly trying to sign in to the account using the correct username and password, and Microsoft Authenticator is blocking the attempts at the second factor.
What to do:
- Continue to deny any requests not initiated personally
  Authenticator and Outlook mobile are designed so that if a prompt appears that was not requested, selecting Deny keeps the account safe.
- Change the account password immediately
  Since repeated prompts indicate ongoing attempts, change the password for the affected account to a strong, unique one. This invalidates any stored or stolen password that might be in use.
- Review recent sign-in activity
  In the account’s security/sign-in activity page, check for unfamiliar locations, devices, or times. If anything looks suspicious, sign out of all sessions and change the password again if needed.
- Keep multifactor authentication enabled
  Do not turn off Microsoft Authenticator or MFA. MFA is what is preventing these attempts from succeeding.
- Be alert for phishing and social engineering
  Attackers may call, text, or email pretending to be support or a bank and ask to read out the Authenticator code or approve a prompt. No legitimate company should ever ask for verification codes over the phone or ask to approve a sign-in that was not initiated.
If unrequested prompts continue frequently even after changing the password, consider updating all recovery info (phone, email), and review devices and sessions again to ensure only trusted devices remain associated with the account.
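The sign-in activity review described above can also be done over an exported list of sign-in events. The following is an added example, not part of the original answer and not Microsoft code: it flags accounts with repeated password-correct sign-ins that were stopped at the second factor, and notes whether an approval from an unfamiliar country followed. The event field names, the threshold of 3 prompts, and the 30-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events. Field names are assumptions for this
# example, not the schema of any Microsoft log export.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T02:10:00", "account": "alex@example.com", "password_ok": True, "mfa": "denied", "country": "BR"},
    {"time": "2024-05-01T02:14:00", "account": "alex@example.com", "password_ok": True, "mfa": "timeout", "country": "BR"},
    {"time": "2024-05-01T02:21:00", "account": "alex@example.com", "password_ok": True, "mfa": "denied", "country": "VN"},
    {"time": "2024-05-01T02:25:00", "account": "alex@example.com", "password_ok": False, "mfa": "none", "country": "VN"},
    {"time": "2024-05-01T09:00:00", "account": "alex@example.com", "password_ok": True, "mfa": "approved", "country": "US"},
    {"time": "2024-05-01T08:30:00", "account": "sam@example.com", "password_ok": True, "mfa": "denied", "country": "US"},
]

def find_prompt_bursts(events, known_countries, threshold=3, window=timedelta(minutes=30)):
    """Flag accounts with >= threshold password-correct sign-ins stopped at MFA inside one window."""
    per_account = defaultdict(list)
    for e in events:
        per_account[e["account"]].append((datetime.fromisoformat(e["time"]), e))
    findings = {}
    for account, rows in per_account.items():
        rows.sort(key=lambda r: r[0])
        # A prompt is only sent after a correct password, so these rows mean the password is known.
        blocked = [(t, e) for t, e in rows if e["password_ok"] and e["mfa"] in ("denied", "timeout")]
        best = start = 0
        for end in range(len(blocked)):
            # Slide the window start forward until it spans at most `window`.
            while blocked[end][0] - blocked[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        first_blocked = blocked[0][0]
        # An approval from an unfamiliar country after the prompts began may be a prompt accepted by mistake.
        risky = [e["time"] for t, e in rows
                 if e["mfa"] == "approved" and t > first_blocked and e["country"] not in known_countries]
        findings[account] = {
            "prompts_in_window": best,
            "unfamiliar_countries": sorted({e["country"] for _, e in blocked} - set(known_countries)),
            "approved_from_unfamiliar": risky,
            "actions": ["change password", "review sign-in activity"]
                       + (["sign out of all sessions"] if risky else []),
        }
    return findings

if __name__ == "__main__":
    for account, finding in find_prompt_bursts(SAMPLE_EVENTS, known_countries={"US"}).items():
        print(account, finding)
```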