Microsoft authenticator

Question

I keep getting notifications from Microsoft authenticator if someone trying to access an account I don’t know what account cause it doesn’t tell me in it all day long multiple times per day

Answer 1

Hello @Zachary Ballstaedt,

It appears that you are experiencing unauthorized sign-in attempts that are repeatedly triggering Microsoft Authenticator notifications.

1 - If You Are Using a Personal Microsoft Account

You can use any of your aliases to sign in, and you can select any of them for sending and receiving email. Verification codes sent by email can only be sent to your primary alias or another email address added as a verification method. Therefore, you can change your primary email address while you still able to use it as alias email. Prevent from unknown sign-in attempts.

You may follow the steps in the Microsoft KB below to add a new alias: Change the email address for your Microsoft account | Microsoft Support

To help stop unauthorized sign-in attempts, you can:

• Create a new email alias (a random string)
• Set the new alias as your primary sign-in email
• Disable sign-in access for the old email alias

As a result: Unknown users will no longer be able to attempt sign-ins using your old exposed email address.

2 - If you are using Business Account

If you are an end-user, you can reach out to your Global Administrator or IT Support team to further improve account security and help prevent repeated authentication notifications. They can support to change your primary email address and keep the current email as alias so you can keep send and receive email from the alias email address. For more information on how to change alias: Add another email alias for a user - Microsoft 365 admin | Microsoft Learn

To review your account activity, you can go to https://mysignins.microsoft.com/ . Then select Recent activity from the left pane

If you are an administrator, you can check the sign-in logs in https://entra.microsoft.com/

1. Navigate to Users > All users. 
2. Search for your account and open the Sign-in logs. 
3. The sign-in logs will display all login attempts, including whether they were successful or failed. You can review the status messages in the event details for more information. For example:  

Supported KB:  

• Sign-in logs in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn
• Learn about the sign-in log activity details - Microsoft Entra ID | Microsoft Learn 

If you have any further concern, please feel free to let me know.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment" 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

I have been trying to add my employers information to Microsoft authenticator. And I continue to get I can’t use a personal email for work in school, but that is my email for my job. How can I rectify this issue?

Answer 3

Those notifications mean Microsoft Authenticator is receiving sign-in approval requests for an account that is configured in the app. Each prompt is an MFA attempt for that account, and repeated prompts usually indicate either:

• Someone (possibly an attacker) is repeatedly trying to sign in to that account, or
• The account is still configured on another device (old phone/tablet) that is being used or has background sign-ins.

To handle this safely:

1. Never approve any unexpected request
   Always choose Deny on any notification that is not clearly from a sign-in just initiated.
2. Identify which account is being targeted
   Open Microsoft Authenticator and check which account tile shows the incoming requests (work/school vs personal Microsoft account). Authenticator acts as a repository for multiple accounts and may show inactive or SSO helper accounts that can be ignored, but the one showing prompts is the one being used for sign-in attempts.
3. Secure the affected account immediately
   For that account, change the password and review/update security info (phone, backup email, Authenticator) using the normal sign-in and verification flows. If this is a work/school account, contact the organization’s IT admin so they can review Microsoft Entra sign-in logs and investigate suspicious activity.
4. Remove old or unused devices
   If Authenticator is still installed on an old phone, uninstall it or remove the account from that device. Also review and clean up devices in the account’s security settings so notifications don’t keep going to old hardware.
5. If sign-in attempts continue
   Keep denying the prompts and work with support/IT to reset MFA or adjust authentication methods if needed. For work/school accounts, an admin can require re-registering MFA so new methods can be set up.

If at any point access to the account is lost (for example, if an attacker manages to change the password or remove Authenticator), contact Support for personal accounts or the IT admin for work/school accounts to recover access and reset MFA.

---

References:

• Troubleshoot problems with Microsoft Authenticator
• Microsoft Authenticator FAQs
• Authentication methods in Microsoft Entra ID - Microsoft Authenticator app
• Common problems with two-step verification for a work or school account
• Troubleshoot Microsoft verification code issues