Unrequested approval prompts mean someone is trying to sign in with the email address shown in the prompt. The prompt itself only shows that email, not which specific “tile” in Microsoft Authenticator is being targeted.
Use these steps to narrow down which account is affected and confirm activity:
- Always deny any prompts not initiated.
  - For any “Are you trying to sign in?” prompt that was not requested, select Deny. This keeps the account safe even if someone has the password.
- Check recent sign-in activity for that email address.
  - For work or school accounts, open My sign-ins (for example via the Recent account activity or My sign-ins experience) and review:
    - Unsuccessful sign-ins and their details (location, app, time).
    - Any entries with “Additional verification failed, invalid code” under Session activity – this indicates the password was correct but MFA failed, which strongly suggests someone else is trying to use that account.
  - If unfamiliar sign-ins are found, change the password and review/update security info for that account.
- Use Authenticator’s account view for work/school accounts.
  - In Microsoft Authenticator, select each work or school account and open Recent account activity (if available) to see sign-ins tied to that account. The account that shows repeated failed or unusual attempts is the one being targeted.
- Distinguish between personal vs work/school accounts.
  - If the prompt shows the same email address that appears both as a Personal account and a Work or school account, the sign-in could be for either. In that case:
    - Review sign-in activity for the work or school account as above.
    - For the personal Microsoft account, review its recent activity and security alerts (unusual sign-in emails or SMS messages) and update password and security info if anything looks unfamiliar.
- If you see repeated unsuccessful sign-ins.
  - This can mean either mistyped credentials or an attacker guessing the password. Enabling and keeping multi-factor authentication active is recommended so that even if the password is known, the attacker cannot complete sign-in.
If any account shows unfamiliar or repeated failed sign-ins, treat that account as compromised: change its password, confirm security info, and keep denying unrequested prompts.
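The triage described above, as an added example that is not part of the original answer and is not Microsoft code: it sorts sign-in records per account so the "password correct, MFA failed" signal is separated from plain failed sign-ins, and shows which account behind a shared email address is the likely target. The record fields, the sample data and the threshold of three failures are assumptions constructed for illustration; a real sign-in export has its own schema.

```python
from collections import defaultdict

# Session-activity text quoted in the answer: password accepted, MFA step failed.
MFA_FAILED = "Additional verification failed, invalid code"

def rec(email, kind, ok, activity=""):
    # Hypothetical record shape for this example, not a Microsoft export schema.
    return {"email": email, "kind": kind, "ok": ok, "activity": activity}

# Constructed sample data: one email present as both a work and a personal account.
SAMPLE = [
    rec("alex@example.com", "work", False, MFA_FAILED),
    rec("alex@example.com", "work", False, MFA_FAILED),
    rec("alex@example.com", "work", True),
    rec("alex@example.com", "personal", False, "Incorrect password"),
    rec("alex@example.com", "personal", True),
    rec("sam@example.com", "work", False, "Incorrect password"),
    rec("sam@example.com", "work", False, "Incorrect password"),
    rec("sam@example.com", "work", False, "Incorrect password"),
]

def triage(records, repeat_threshold=3):
    """Map (email, kind) to a verdict. repeat_threshold is an assumed cut-off."""
    stats = defaultdict(lambda: {"mfa_failed": 0, "failed": 0})
    for r in records:
        s = stats[(r["email"].lower(), r["kind"])]
        if r["ok"]:
            continue
        if MFA_FAILED.lower() in r["activity"].lower():
            s["mfa_failed"] += 1   # password was right, second factor was not
        else:
            s["failed"] += 1       # mistyped credentials or password guessing
    verdicts = {}
    for key, s in stats.items():
        if s["mfa_failed"]:
            verdicts[key] = "password-known"      # change password, review security info
        elif s["failed"] >= repeat_threshold:
            verdicts[key] = "repeated-failures"   # keep MFA on, watch for more attempts
        else:
            verdicts[key] = "no-signal"
    return verdicts

def targeted_kinds(records, email):
    """Account kinds for this email that show a signal, i.e. the likely target of a prompt."""
    return sorted(kind for (e, kind), v in triage(records).items()
                  if e == email.lower() and v != "no-signal")

if __name__ == "__main__":
    for key, verdict in sorted(triage(SAMPLE).items()):
        print(key, verdict)
```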