![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 19%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Hello,
Sign into the account here: https://account.microsoft.com, then go to Security to review the sign in activities. When you reviewed the account's sign in activities, Click into those labeled as "unsuccessful sign in", you can click on it to expand it to review the Session activity. If it is incorrect password, it won't generate a code. And there's nothing to worry about. If it is request denied xxx, that means this activity had your password entered correctly, and a code was generated, but it didn't pass the two factor verification. In the latter scenario, you want to change the password asap.
If you can NOT find any unsuccessful sign-in with the "request denied" labeling, it can mean that someone else left your contact information as their security info, usually due to typo. In this case, your account is not in any danger. Unfortunately there's also nothing you can do about it until this other user realized they needed to update their contact info.
Another way to find out which scenario is yours is to go to the account https://account.microsoft.com click on Security > Advanced Security options, set up authentication app instead. That way, if you continue to receive code via text or email instead, you would know 100% that it is NOT about your account, but someone else left your phone/email as their contact info due to typo.