![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 35%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Take the following steps immediately to secure the account and regain control of the sign-in email.
- Run the official hacked-account recovery flow
Use the Microsoft hacked/compromised account helper so the account is flagged and guided recovery steps are applied:
Go to How to recover a hacked or compromised Microsoft account and select Start. Follow the prompts to:- Enter the affected email/phone.
- Verify identity with any available security info.
- Get to an agent if the tool offers that option.
- Complete the Microsoft Account Recovery form (if you lose access again)
If the hacker changes details again and sign-in fails, use the account recovery form (ACSR) referenced in the Q&A examples. Provide:- Old passwords.
- Devices and locations commonly used.
- Purchase or subscription details.
Submit from a familiar device/location to improve success.
- Harden security once signed in
After regaining access, immediately:- Change the password to a strong, unique one.
- Turn on two-factor authentication (Microsoft Authenticator or SMS/phone).
- Use the “sign out everywhere” option in the Microsoft account security area to invalidate all active sessions.
- Clean up any malicious access methods
Because the account was hacked, check for persistence methods:- In Outlook on the web: review Rules and Forwarding for anything suspicious and remove it.
- Review app permissions and revoke any unknown apps that have access to the account.
- About changing the primary alias
The “try again next week” message is a temporary restriction on changing the primary alias. While waiting:- Keep the new, safe alias on the account.
- Focus on securing the account (password, MFA, sessions, rules, app permissions) so the hacker cannot continue using it even if the primary alias is still theirs.
- When the restriction period ends, go back to Manage how you sign in to Microsoft and set the trusted alias as the primary one.
If the automated recovery and security steps fail and access is lost again, repeat the hacked-account helper flow. If the system ultimately cannot verify ownership, support and forums cannot override that, as noted in the referenced Q&A.
References:
- How to recover a hacked or compromised Microsoft account
- Change the email address or phone number for your Microsoft account
- Cannot Access Microsoft Account After Hacker Changed Email, Advice Needed - Microsoft Q&A
- hello my email was (Moderator note: PII removed)@icloud.com and now its (Moderator note: PII removed)@jerkoffmail.com can please someone help me and the team change it my username in xbox is (Moderator note: PII removed) please help me team and change it - Microsoft Q&A
- Hacker set up continuous draft ransomware email - Microsoft Q&A