Each Microsoft Authenticator notification is tied to a specific sign-in attempt on one of the accounts configured in the app. To understand what is happening and who might be trying to sign in, use these steps:
- When a notification appears, open Microsoft Authenticator and look at the account name shown on the approval screen. This tells you which account the sign-in is for.
- On the notification prompt, review the details shown (such as app name, location, or approximate address). Authenticator uses the phone’s operating system location and may show an approximate or slightly incorrect address, but it helps identify whether the attempt could be yours.
- If the location or app does not match activity that you initiated, deny the request.
- Sign in to the account’s security page (for Microsoft accounts, go to the Security basics page) and select Review activity to see recent and unusual sign-in attempts. Expand each event to see sign-in details and, if it was not initiated by the legitimate owner, select This wasn’t me or Secure your account.
- Change the account password immediately from the security page and ensure two-factor authentication is enabled with only trusted methods (phone number, email, or Authenticator on owned devices).
- If notifications are going to an old or unused device, remove that device or Authenticator registration from the account’s security settings so only the current device can approve sign-ins.
If repeated unknown attempts continue, keep denying them, review recent activity regularly, and consider strengthening the password and security info (removing any unrecognized phone numbers, emails, or devices).