![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 66%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 7.000000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC3%3C/text%3E%3C/svg%3E)
The alerts mean someone (or something like a script/bot) is repeatedly trying to sign in using the account and triggering Microsoft Authenticator as the second factor. Because Deny is always selected, the attempts are blocked and do not show as successful sign-ins in the activity log.
Key points and actions:
- Why the prompts keep coming
- Unrequested prompts can be caused by:
- Someone trying to access the account with the correct username/password.
- Someone mistyping their own email/phone and accidentally using this account.
- Delayed delivery of prompts requested earlier.
- As long as Deny is selected for prompts not initiated personally, the account remains protected.
- Unrequested prompts can be caused by:
- What to do immediately
- Continue to deny any prompts not initiated personally.
- Change the password again from a trusted device and network, using a strong, unique password not reused on other sites.
- Review account security and recent activity:
- For a personal Microsoft account, sign in to the Security basics page and use Review activity to check for unusual sign-in attempts on the Recent activity page. If anything suspicious is found, mark it as not yours and follow the Secure your account flow.
- Strengthen sign-in and MFA
- Ensure Microsoft Authenticator (or another MFA method) is correctly set up and that only personal devices are registered.
- Consider going passwordless (for example, using Microsoft Authenticator, Windows Hello, SMS/Email codes, or security keys) to reduce reliance on passwords that can be guessed or reused.
- When to involve support or admins
- If this is a work or school account using Microsoft Entra multifactor authentication and unusual activity continues, contact the organization’s IT administrator and ask them to review Microsoft Entra sign-in logs and MFA configuration.
- If there is any sign that someone has actually accessed the account (not just attempted), immediately change the password and follow the guidance under If someone has accessed your account and Notify us if you don't recognize activity on your account on the Security basics and Recent activity pages.
As long as all unrequested prompts are denied and the password and security info are secured, these attempts are being blocked even if they continue for a while.
References: