Share via

Microsoft Authenticator requests from multiple jurisdictions

tim c 0 Reputation points
2026-06-10T15:41:28.4033333+00:00

I have recently experienced multiple authentication attempts from lots of different jurisdictions. These are all fraudulent and not initiated by me. Why are these being received and is there anything I should do to stop more attempts? I have already changed my password but this does not seem to have helped.

Microsoft Security | Microsoft Authenticator
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest

  1. AI answer

    2026-06-10T15:41:42.8266667+00:00

    These unrequested Microsoft Authenticator prompts and verification attempts are typically caused by one of the following:

    1. Someone is trying to sign in to the account using the correct username but guessing/brute‑forcing the password or MFA.
    2. Someone has accidentally entered the email/phone when trying to sign in to their own account.
    3. A delayed delivery of a prompt or code that was requested earlier.

    Changing the password is important, but it does not stop attackers from continuing to try to sign in. As long as they know the username, they can keep triggering MFA prompts or codes when they hit the sign‑in page.

    Actions to take:

    1. Deny every unrequested prompt or code
      • For any "Are you trying to sign in?" prompt or verification code that was not initiated, always select Deny or simply ignore it. Without the correct response or code, the account remains protected.
      • Do not respond to any verification codes that were not requested.
    2. Review recent/unusual sign‑in activity
      • Go to the Security basics page and select Review activity to open the Recent activity page.
      • If any sign‑in attempts are not recognized, mark them as This wasn't me or Secure your account (depending on where they appear). This helps secure the account and may trigger additional protections.
    3. Harden the account sign‑in
      • Ensure multifactor authentication is enabled and working correctly on the account.
      • Consider going passwordless (for work/school accounts) using methods such as Windows Hello, Microsoft Authenticator, SMS/Email codes, or security keys. Passwordless methods are more resistant to guessing, theft, or phishing.
    4. If sign‑in is being blocked after multiple attempts
      • Microsoft Entra multifactor authentication can temporarily block further attempts when it detects repeated sign‑ins or unusual activity. If legitimate sign‑ins are being blocked, wait for the block to clear or use a different MFA method.
      • If there is concern that someone else is actively trying to access the account, contact the organization’s IT administrator and ask them to review Microsoft Entra sign‑in logs and MFA configuration.
    5. If alerts show unusual sign‑ins
      • When emails or texts report unusual sign‑ins that are not recognized, follow the guidance on the Security basics page: review activity, mark unknown activity, and change the password again if necessary.

    As long as unrequested prompts are denied/ignored and MFA is correctly configured, these attempts cannot succeed, but monitoring activity and strengthening sign‑in (including passwordless options) will help reduce risk and impact.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.