Federated identity management using Active Directory Federation Services
For a fully hijacked personal Microsoft account (including Xbox/Minecraft) where the primary email and security info were replaced, recovery is only possible through the official self-service flows. There is no manual escalation path or security specialist who can override these systems for personal accounts.
Follow these steps, in order:
- Use the official hacked/compromised account flow
  - Go to the guidance in How to recover a hacked or compromised Microsoft account and start from the built-in Start / sign-in helper tool.
  - The tool will ask for the account identifier (email/phone) and either:
    - Offer self-help (password reset, security checks), or
    - Route to an agent if that option is available for the scenario.
- Complete the account recovery form as thoroughly as possible
  - If normal sign-in and password reset fail, use the account recovery form referenced in the same article.
  - Provide every detail that proves ownership (old passwords, subject lines of recent emails, folders created, Xbox/Minecraft purchase details, etc.).
  - If the form is rejected, try again from a different device and network, as suggested in similar cases in the context.
- Understand the hard limit: if security info was fully replaced and the form fails
  - As described in multiple moderator responses in the context, if:
    - The attacker has replaced the security info (emails/phone, authenticator), and
    - The automated recovery form does not accept the information provided,
  - Then the account is considered unrecoverable. Microsoft Support (including phone/chat) cannot bypass or manually override this.
  - This applies even if proof such as screenshots, IDs, or transaction history is available; support agents are bound to the automated verification systems.
- If the account is still partially accessible (check this carefully)
  - If there is still any way to sign in (for example via an old device or session), immediately follow the steps in the hacked-account article:
    - Run a malware scan on devices.
    - Change the password to a strong, unique one.
    - Review and fix account settings such as forwarding, connected accounts, and automatic replies.
- For Outlook.com-specific lockouts
  - If the issue is that Outlook.com is blocked due to unusual activity (rather than fully hijacked credentials), use the Sign-in Helper from Unblock my Outlook.com account.
  - If unblocking fails, follow the link in that article to When you can't sign in to your Microsoft account for additional reset and support options.
- If the form repeatedly fails and security info is changed
  - The context explicitly states in several Q&A cases that if the recovery form does not succeed and the attacker has replaced the security info, there is no further escalation path and Microsoft Support cannot restore the account.
  - In that situation, the only practical step is to secure other services (email, banking, other game accounts) that might have used the same password or email, and create a new Microsoft account for future use.
For Minecraft/Xbox access tied to the hijacked Microsoft account, recovery depends entirely on recovering the Microsoft account itself. If that is not possible, Minecraft support may be able to advise on options, but the context notes there is no guarantee the Minecraft entitlements can be moved.