Share via

How to find origin of authenticator requests not initiated by me?

MH 5 Reputation points
2026-03-25T08:45:57.1666667+00:00

Lately I'm having unusual authenticator requests for signin which are not initiated by me. How can I find where or on what site they originate from? I know I can see successful authentication requests in my Microsoft account, but since I'm obviously declining these foreign requests, they are unsuccessful and thus I dont see them listed anywhere.

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-25T08:46:14.4866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Unrequested Microsoft Authenticator prompts generally mean someone or something is trying to sign in with the account. The exact origin site/app of failed prompts is not exposed in a detailed log, but there are a few ways to narrow it down and secure the account:

    1. Always deny unknown prompts
      • For any "Are you trying to sign in?" prompt that was not initiated, select Deny. Without approval, the account remains safe.
    2. Check recent/unusual sign-in activity
      • For a work or school account, go to the My sign-ins page in the My Account portal:
        1. Sign in to My Account with the work or school account.
        2. Select My sign-ins or Review recent activity.
        3. Review each sign-in item (successful and unsuccessful) and confirm that the OS, browser, app, and approximate location make sense.
      • For a personal Microsoft account, use the Recent activity page:
        1. Go to the Recent activity page (linked from the Microsoft account dashboard).
        2. Expand entries to see when and where the account was used and how it was accessed (browser, phone, etc.).
        3. In the Unusual activity section, mark entries as This was me or This wasn’t me so Microsoft can better block unauthorized access.
      Even though the specific failed Authenticator prompts may not appear as full sign-ins, related unsuccessful sign-in attempts can still show up as Unsuccessful entries that help identify the source (location, device type, app).
    3. Treat repeated prompts as an attack and harden the account
      • If there are unsuccessful sign-ins, it may mean someone is trying to guess the password.
      • Recommended actions:
        • Change the account password immediately.
        • Ensure multi-factor authentication (two-step verification) is enabled.
        • For work/school accounts, review security info at Security info and update methods.
        • For personal accounts, go to the Security settings / Security basics pages to change password, update security info, and remove trusted devices.
    4. Understand why prompts appear
      • Unrequested prompts can be caused by:
        1. Someone actively trying to access the account.
        2. Someone accidentally entering the phone/email when signing in to their own account.
        3. A delayed delivery of a prompt that was requested earlier.
      Regardless of cause, denying any prompt not initiated and reviewing recent activity is the correct response.

    There is no supported way to see a full, per-prompt list of every failed Authenticator request with exact originating site, but combining My sign-ins / Recent activity details with strong security settings is the available method to identify and mitigate the source.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.