Share via

single-use code

Vladimir Jovanovic 0 Reputation points
2026-05-19T07:36:44.19+00:00

I didn't send a request for a single-use code to use with my Microsoft account and yet I've received an email with it.

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 240.2K Reputation points Independent Advisor
    2026-05-19T13:13:13.7933333+00:00

    Sign into the account here: https://account.microsoft.com, then go to Security to review the sign in activities. When you reviewed the account's sign in activities, Click into those labeled as "unsuccessful sign in", you can click on it to expand it to review the Session activity. If it is incorrect password, it won't generate a code. And there's nothing to worry about. If it is request denied xxx, that means this activity had your password entered correctly, and a code was generated, but it didn't pass the two factor verification. In the latter scenario, you want to change the password asap.

    If you can NOT find any unsuccessful sign-in with the "request denied" labeling, it can mean that someone else left your contact information as their security info, usually due to typo. In this case, your account is not in any danger. Unfortunately there's also nothing you can do about it until this other user realized they needed to update their contact info.

    Another way to find out which scenario is yours is to go to the account https://account.microsoft.com click on Security > Advanced Security options, set up authentication app instead. That way, if you continue to receive code via text or email instead, you would know 100% that it is NOT about your account, but someone else left your phone/email as their contact info due to typo.

    Was this answer helpful?

    0 comments
  2. Victor1-V 9,280 Reputation points Microsoft External Staff Moderator
    2026-05-19T12:56:56.19+00:00

    Hello Vladimir Jovanovic,

    I understand why receiving a single-use code that you did not request can be concerning.

    Have you had a chance to try the steps suggested by Q&A Assist? The answer is generally correct. I would just like to add a few safe checks, especially to avoid using any link inside an unexpected email.

    Please manually open your browser and go to your Microsoft account Security page. From there, review your recent sign-in activity, or open the Recent activity page. This page can help you check where and how your Microsoft account was used, and if an entry appears under “Unusual activity,” you can choose “This wasn’t me” if you do not recognize it.

    For the email itself, you may also review Can I trust email from the Microsoft account team?. It explains that messages from the Microsoft account team can include security codes, and that an unrequested verification code may happen if someone is trying to access the account or if someone entered the wrong phone or email when signing in.

    If you see any activity that was not yours, please change your password and review your security information. This article may also help: What happens if there’s an unusual sign-in to your account.

    Please note that this is a user-to-user forum, so contributors here cannot check your account activity or verify the exact source of the code email. However, if you did not share or enter the code, and there are no successful unfamiliar sign-ins in your recent activity, that is a good sign that the account was not accessed.

    I hope this clarifies the situation.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

    Was this answer helpful?

  3. AI answer

    2026-05-19T07:36:55.0366667+00:00

    This usually means someone else tried to sign in using that email address or phone number, or a delayed code from an earlier request has just arrived.

    Do not use or reply to the code if it was not requested. Without the code, an attacker cannot complete sign-in, so the account remains protected.

    To reduce the chance of this happening again and to better secure the account, enable a passwordless sign-in method (such as Microsoft Authenticator, Windows Hello, SMS/Email codes, or a security key) on the Microsoft account by following the guidance in Go passwordless.

    If unrecognized verification prompts continue, review and update the account’s security info and consider changing the password and enabling additional protections.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.