Do not use the code or reply to the message.
- Ignore and delete any verification or single-use code email that was not requested.
- Check that the email is genuinely from Microsoft:
  - The sender domain for legitimate Microsoft account security emails is @accountprotection.microsoft.com.
  - If the domain is different, treat it as phishing and delete it.
- Even if the email is genuine, it usually means either:
  - Someone else is trying to sign in to the account using the email/phone by mistake, or
  - Someone is trying to access the account without permission. Without the code, they cannot complete sign-in.
- To improve security:
  - Sign in to the Microsoft account security page and review security info and recent activity.
  - Consider enabling or switching to passwordless sign-in methods such as Microsoft Authenticator, Windows Hello, SMS/Email codes, or a physical security key to better protect the account.
Do not respond to any codes that were not requested. As long as the code is not used, the account remains safe.
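The sender-domain check above can be automated for a mailbox filter or a help-desk triage script. The following is an added example, not part of the original answer and not Microsoft code: it compares the From domain exactly against the domain named above, so lookalike domains fail. The `Authentication-Results` check, the "unverified" label, the function names and the sample messages are assumptions made for the illustration.

```python
# Added example. The three messages below are constructed samples, not real mail.
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "accountprotection.microsoft.com"  # sender domain stated above

GENUINE = (
    "From: Microsoft account team <noreply@accountprotection.microsoft.com>\n"
    "Authentication-Results: mx.example.org; dmarc=pass "
    "header.from=accountprotection.microsoft.com\n"
    "Subject: Your single-use code\n\nbody\n")
LOOKALIKE = (  # trusted name used only as a prefix of another domain
    "From: Microsoft account team "
    "<noreply@accountprotection.microsoft.com.mail.example>\n"
    "Authentication-Results: mx.example.org; dmarc=pass header.from=mail.example\n"
    "Subject: Your single-use code\n\nbody\n")
FORGED = (     # correct From domain, but the receiving server saw DMARC fail
    "From: Microsoft account team <noreply@accountprotection.microsoft.com>\n"
    "Authentication-Results: mx.example.org; dmarc=fail "
    "header.from=accountprotection.microsoft.com\n"
    "Subject: Your single-use code\n\nbody\n")


def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From address, or '' if unparsable."""
    msg = message_from_string(raw_message)
    _display, addr = parseaddr(msg.get("From", ""))
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def dmarc_passed(raw_message: str) -> bool:
    """True if an Authentication-Results header reports dmarc=pass.
    Assumption: the header was added by your own receiving mail server."""
    msg = message_from_string(raw_message)
    results = msg.get_all("Authentication-Results", [])
    return any("dmarc=pass" in r.lower().replace(" ", "") for r in results)


def classify(raw_message: str) -> str:
    """Label a message 'phishing', 'unverified' or 'genuine'."""
    if sender_domain(raw_message) != TRUSTED_DOMAIN:  # exact match only
        return "phishing"
    if not dmarc_passed(raw_message):  # a From line alone can be forged
        return "unverified"
    return "genuine"
```

A "genuine" result only confirms where the email came from; an unrequested code should still be ignored.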