This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWC%3C/text%3E%3C/svg%3E)
This is more a feature request rather than a question
I have the Microsoft Authenticator app on my phone, and it works well for securing my account however I'm constantly getting requests from two specific countries trying to log into my account. I feel like I should be able to set a list of "Allowed countries" that actually will actually send a notification to my phone and all other countries think they have sent the request (It looks the same so they can't trial and error to spoof their location) but in reality, the attempt gets logged and investigated.
I feel like this should be a basic feature for all Microsoft accounts from both a quality of life and security position. Scammers don't even try my password anymore they just spam the authenticator even thought I always deny.
Probably not even the best place to raise this concern but I'm sure someone will point me in the right direction or make enough noise to have MS take notice. I assume this is quite a prolific issue given the number of scammers out there.
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 91%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Same issue - I ended up turning off notifications for my Authenticator as I was getting out of country authentication prompts every few hours.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 13%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hello @William C,
Thank you very much for sharing your thoughts and for taking the time to describe your experience in such detail. We truly appreciate the feedback.
To clarify, for Work or School accounts managed by an organization, it is possible to control or restrict sign‑ins by location using Conditional Access policies. This allows administrators to block or allow access based on countries or regions as part of the organization’s security configuration.
For your reference: Conditional Access - Block access by location - Microsoft Entra ID | Microsoft Learn
However, for personal Microsoft accounts, this type of location‑based access control is not currently available. We completely understand your concern and agree that this would be a valuable quality‑of‑life and security enhancement for personal account users.
Your suggestion is very valid, and we truly appreciate you taking the time to raise it. To ensure your feedback reaches the right audience, we recommend submitting this idea directly through the Microsoft Feedback Portal
The Product Team actively monitors this feedback site, and many features have been developed or improved based on user comments and suggestions. After submitting your request, you’re welcome to return here and share the feedback link in this thread so other users can view and upvote it, helping bring more visibility to your idea.
Thank you again for your valuable input and for helping improve the Microsoft experience.
Kind regards,
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Country-allow lists for Microsoft Authenticator notifications are not available as an end-user feature. Microsoft Authenticator itself already uses location signals to help protect sign-ins and can deny authentications when GPS-reported locations are inconsistent, but it does not expose a setting to only allow prompts from specific countries.
For consumer Microsoft accounts, unusual sign-in attempts from new locations or devices are handled by Microsoft’s account protection system, which sends alerts (email/SMS) and may require additional verification when suspicious activity is detected. These protections are automatic and cannot be customized per country by the end user.
To provide feedback or request features such as country-based allow lists for Authenticator prompts, use the official feedback channels in Microsoft products (for example, the Feedback option in the Microsoft Authenticator app or on the Microsoft account/security pages). This ensures the request is visible to the product team for consideration.
If repeated prompts are coming from attackers who already know the password, changing the account password and reviewing recent activity for compromise is recommended, as Microsoft’s unusual sign-in detection and alerts are designed to help identify and respond to such activity.
References: