Unrequested Microsoft Authenticator prompts usually mean that someone (or something like a bot) is repeatedly trying to sign in with the account’s username, even though they do not know the password. As long as every unexpected prompt is denied, the account remains protected.
Actions to take:
- Continue denying all unrequested prompts
  - Any “Are you trying to sign in?” or approval request that was not initiated must be denied immediately. This prevents unauthorized access even if the attacker knows the password.
- Review recent sign-in activity
  - Go to the Security basics page and select Review activity.
  - On the Recent activity page, expand any sign-ins that are not recognized and mark them as This wasn’t me or Secure your account, as described in the unusual sign-in guidance.
- Secure the account beyond just changing the password
  - After changing the password, ensure it is strong and unique.
  - Check and update security info (phone numbers, email addresses, and registered authenticators). Remove anything that is not recognized.
- Consider moving to passwordless sign-in
  - For work or school accounts, going passwordless (for example, using Microsoft Authenticator, Windows Hello, or a security key) can reduce reliance on passwords that can be guessed or phished. See the guidance under Go passwordless for more secure sign-in methods.
- Understand why prompts continue
  - Even after a password change, attackers or automated scripts may keep trying known usernames from many locations worldwide. This can generate repeated prompts, but without the correct approval from the Authenticator app, they cannot complete sign-in.
If the volume of prompts suddenly increases or there is any sign-in that appears successful and is not recognized, immediately review activity again and change the password from a trusted device and network.
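For anyone who can export sign-in events for work or school accounts, the two conditions in the last paragraph (a sudden rise in prompt volume, and an approval that lands in the middle of it) can be checked mechanically. The following is an added example, not part of the original answer; the event field names, the sample events and the thresholds are assumptions, not a real export schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Field names are assumed, not a Microsoft log schema.
EVENTS = [
    {"time": "2024-05-01T03:00:00", "user": "alice@example.com", "result": "denied"},
    {"time": "2024-05-01T03:01:00", "user": "alice@example.com", "result": "denied"},
    {"time": "2024-05-01T03:02:00", "user": "alice@example.com", "result": "timeout"},
    {"time": "2024-05-01T03:03:00", "user": "alice@example.com", "result": "denied"},
    {"time": "2024-05-01T03:04:00", "user": "alice@example.com", "result": "approved"},
    {"time": "2024-05-01T09:00:00", "user": "bob@example.com", "result": "approved"},
    {"time": "2024-05-01T14:00:00", "user": "bob@example.com", "result": "denied"},
]

def triage(events, window=timedelta(minutes=10), burst=4):
    """Return (user, finding, time) tuples in time order.

    prompt_burst:         `burst` or more unapproved prompts inside `window`
    approved_after_burst: an approval that arrives while such a burst is active,
                          the case that calls for immediate review
    """
    recent = defaultdict(deque)  # user -> times of unapproved prompts still in window
    in_burst = set()             # users already reported for the current burst
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        now = datetime.fromisoformat(ev["time"])
        user, queue = ev["user"], recent[ev["user"]]
        while queue and now - queue[0] > window:  # drop prompts older than the window
            queue.popleft()
        if len(queue) < burst:
            in_burst.discard(user)                # burst has ended, allow a new report
        if ev["result"] == "approved":
            if len(queue) >= burst:
                findings.append((user, "approved_after_burst", ev["time"]))
            continue
        queue.append(now)                         # denied or timed-out prompt
        if len(queue) >= burst and user not in in_burst:
            in_burst.add(user)
            findings.append((user, "prompt_burst", ev["time"]))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

An isolated denied prompt or a normal approval produces no finding; only the run of unapproved prompts and the approval that follows it are reported.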