Multiple sign in attempts from overseas per day

Question

Multiple sign in attempts from overseas per day

Jess Knight 0

Hi

Every single day from 2pm I begin to get inundated with notifications from authenticator that someone from Germany is trying to log into my account - I live in Australia.

My account is secure, I have done everything (complex password, 2FA, text a code, email a code etc - so I have no worries about someone actually logging in.

I am asking more so because it is incredibly annoying to get so many notifications each day to my phone while I am working etc.

What can I do to stop people trying to log in? Can I change the username to log into my account?

Shubham Sharma 13,000 Reputation points Microsoft External Staff Moderator

2026-03-23T03:18:48.6633333+00:00
Hey Jess, that sounds super frustrating—getting bombarded with Authenticator push notifications every afternoon! Since your password and 2FA are solid, these daily requests are almost certainly a brute-force or password-spray attack coming from Germany. They can’t get in, but the constant pings are a pain. Here’s what you can do:

Enable Smart Lockout (it’s on by default in Entra tenants)

Blocks repeated bad password attempts after a threshold so attackers can’t keep hammering your account.

Docs: https://aka.ms/entra-smart-lockout

Use Microsoft Entra ID Protection risk policies

Create a sign-in risk policy to block or challenge sign-ins from unfamiliar locations.

Automatically detect and block risky logins without you having to click “Deny.”

Docs: https://aka.ms/entra-risk-detections

Block by location with Conditional Access (requires Entra ID P1/P2)

Define “Named locations” for Germany (or any region) and block sign-ins from there.

Optionally allow only your trusted countries (e.g., Australia).

Docs: https://aka.ms/entra-ca-location

Switch to number-matching or one-time codes only

If you’re getting too many push requests, turn off phone-sign-in pushes and use the 6-digit code option instead. That way you get fewer notifications and zero accidental taps.

(If this is a personal Microsoft account)

You won’t have Conditional Access, but you can disable push notifications in the Authenticator app settings and rely solely on text/email codes.

Changing your username/UPN isn’t really going to stop attackers discovering your account and trying again—they’ll just pivot to the new one. It’s better to lock down the sign-in surface with the steps above.

Let us know the above steps helps

Reference list:

• Smart lockout overview: https://learn.microsoft.com/entra/identity/authentication/howto-password-smart-lockout

• Use risk detections for user sign-ins: https://learn.microsoft.com/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa

• Conditional Access: Block access by location: https://learn.microsoft.com/azure/active-directory/conditional-access/howto-conditional-access-policy-location#create-a-conditional-access-policy

• What is Microsoft Entra ID Protection?: https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection

• Sign-in logs in Microsoft Entra ID: https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins
Shubham Sharma 13,000 Reputation points Microsoft External Staff Moderator

2026-03-31T03:06:59.3333333+00:00

Hello Jess Knight

Following up to check if the resolution provided was helpful. Please let us know if you need any further assistance.

1 answer

Your answer

Shubham Sharma 13,000 Reputation points Microsoft External Staff Moderator

2026-03-31T03:06:59.3333333+00:00

Hello Jess Knight

Following up to check if the resolution provided was helpful. Please let us know if you need any further assistance.

Answer 1

Microsoft Entra multifactor authentication detects unusual activity such as repeated sign-in attempts and may block additional attempts automatically to counter security threats. When many attempts are made, it can also lead to sign-in issues or lockouts for the legitimate user.

To reduce the impact on daily work, the following actions are available within the documented behavior:

Rely on Entra MFA protections
- Entra MFA is already identifying these as unusual attempts and can prevent additional attempts after repeated failures.
- If sign-in attempts are being blocked, no further action is needed to keep the account secure from those attempts.
Work with the IT administrator
- For a work or school (Entra ID) account, an IT administrator can review the Microsoft Entra sign-in logs to confirm the source and pattern of the attempts and adjust security policies if needed.
- If malicious activity is suspected, the IT administrator is the escalation path to investigate and tune protections.
Username and sign-in
- The provided documentation does not describe a way, in Entra ID, to globally prevent attackers from attempting username/password entry or to stop all prompts while still using MFA.
- It also does not describe a supported method in Entra ID to change the sign-in name specifically to stop such attempts.

If sign-in has already been attempted many times and access is temporarily blocked, waiting for the block to expire or using a different MFA method is recommended. If there is concern that someone else is trying to access the account, contacting the IT administrator to review sign-in logs is the documented next step.

References:

Common problems with two-step verification for a work or school account

Share via

Multiple sign in attempts from overseas per day

1 answer

Your answer