![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 1%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
These generally indicate that someone is repeatedly attempting to access your account and is triggering the approval requests. Since you have already changed your password, updated your apps, and completed security checks, the next step is to determine whether these prompts are coming from legitimate activity on your devices or from ongoing unauthorized sign-in attempts.
Review your account's recent sign-in activity in the Microsoft security portal. Look for unfamiliar locations, IP addresses, devices, applications, or repeated failed sign-in attempts. If you find suspicious activity, sign out of all sessions and remove any devices you do not recognize.
Check the authentication methods registered on your account. Ensure that only your phone and any expected authentication methods are listed. Remove old phones, unknown devices, backup email addresses, or phone numbers that you do not recognize.
If you are receiving approval requests that you did not initiate, do not approve them. Repeated approvals can sometimes help an attacker gain access if they eventually catch you at a moment of distraction. This type of activity is often referred to as MFA fatigue or MFA bombing.
If your organization manages the account, contact your Microsoft 365 or Azure administrator and ask them to review the Entra ID sign-in logs and audit logs. They can identify the source of the requests and determine whether conditional access policies, legacy authentication, misconfigured applications, or attack attempts are causing the prompts.
Also verify whether any devices or applications are repeatedly failing authentication because they are using outdated credentials. Email clients, mobile apps, VPN clients, Teams, Outlook, OneDrive, or third-party integrations can continuously trigger MFA requests if they are stuck in an authentication loop.
If available in your environment, consider enabling number matching in Microsoft Authenticator. This adds an extra verification step and helps prevent accidental approval of fraudulent requests.
If the account is a personal Microsoft account, review security activity at https://account.microsoft.com/security
If it is a work or school account, review sign-in activity at https://mysignins.microsoft.com
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin