I keep getting notifications through Authenticator asking me to approve or deny a login, which tells me that someone is trying to access my account, even after I change my password. What can I do to stop this?

Stefan Griffith 0 Reputation points
2026-07-01T05:04:52.2533333+00:00

The problem is described well enough in the title. I’ve been getting notifications from Authenticator at random times, even after I change my password on my email account, and I have used the option to log out of everywhere. What can I do?

Microsoft Security | Microsoft Authenticator
0 comments No comments

2 answers

Sort by: Most helpful
  1. Alina Le 3,175 Reputation points Independent Advisor
    2026-07-01T09:10:43.2133333+00:00

    Hello @Stefan Griffith

    I understand that receiving a lot of unauthorized access attempts to your account is very concerning. I will do my best to assist you based on information I have gathered from similar cases. To better assist you, may I confirm:

    • Are you using a personal email account (e.g., @outlook.com, @hotmail.com) or a business account (e.g., @companyname.com) that belongs to an organization?

    This activity can sometimes occur when an email address or username becomes exposed to automated traffic or repeated sign-in attempts online. As a result, the issue may continue even after a password change, although changing the password remains an important security measure. When an unauthorized sign-in attempt is made using your email, the system automatically sends a notification to your Microsoft Authenticator app as part of its security design. 

    You did the right thing by consistently denying these requests and signing out everywhere. This helps protect your account and prevent unauthorized access at that time.

    Besides, I recommend taking the following steps to further strengthen your account security and prevent repeated notifications based on your account type:

    1/ If you are using personal account:

    You can set up an additional sign-in alias. These options help reduce unwanted sign-in attempts and provide an extra layer of protection.

    -Sign in to your Microsoft account 

    -Choose “Add email” 

    • Start adding a new alias (do not remove anything yet). 

    -Create a new email alias 

    • Use a strong, hard-to-guess address (e.g., random string). 
    • Set it as your primary login email 

    -Make the new alias your main sign-in address. 

    -Disable login for your old email 

    • This is critical, it blocks attackers from using the old address. 

    -Remove the old email alias if you no longer need it (Optional, last step)  

    For your reference: Change the email address for your Microsoft account | Microsoft Support

    2/ If you are using business account:

    You can reach out to your IT Admin, who has global administrative rights in your organization’s tenant, to help strengthen your account security and prevent repeated notifications by referencing this thread.

    Getting too many authentication attempts on my account - Microsoft Q&A

    If you still need my assistance, please come back with screenshots or any additional details so I can review it again and see if there’s anything more I can help you with.  

    Wishing you all the best!


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  

    Note: Please follow the steps in "our documentation" to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?


  2. AI answer

    2026-07-01T05:05:11.0566667+00:00

    Unrequested Microsoft Authenticator prompts mean that something (a person, app, or device) is repeatedly trying to sign in with the account. Changing the password and signing out everywhere is a good start, but additional steps can reduce or stop these prompts and secure the account.

    1. Deny every prompt not initiated
      • For any "Are you trying to sign in?" or approval request that was not started intentionally, always select Deny.
      • As long as the prompt is denied, the sign-in attempt fails and the account remains protected.
    2. Review recent sign-in activity
      • Go to the Security basics page.
      • Select Review activity to open the Recent activity page.
      • Expand entries under Unusual activity or Recent activity:
        • If an event is clearly not yours, select This wasn't me (for Unusual activity) or Secure your account (for Recent activity).
      • This helps Microsoft detect and block suspicious sign-ins and guides through securing the account.
    3. Confirm no one else has access
      • If there is any sign-in activity that was not performed personally, follow the guidance under If someone has accessed your account:
    4. Check for delayed or mistaken prompts
      • Unrequested prompts can also occur when:
        1. Someone accidentally entered the wrong phone/email when trying to sign in.
        2. Delivery of a prompt requested earlier was delayed.
      • Even in these cases, continue to Deny any prompt not initiated.
    5. Review and update security info
      • On the Security basics page, verify alternate email addresses, phone numbers, and sign-in methods.
      • Remove any contact method or sign-in option that is not recognized.
      • Ensure there is at least one trusted method (such as Microsoft Authenticator) that is fully under control.
    6. Consider passwordless sign-in to strengthen security
      • For work or school accounts, going "passwordless" can reduce reliance on passwords and improve security:
        • Use methods such as Windows Hello, Microsoft Authenticator, SMS/Email codes, or physical security keys.
      • See How to go passwordless with your Microsoft account for details.

    If prompts continue after these steps, keep denying them and monitor Recent activity regularly. Persistent attempts usually indicate ongoing automated or manual sign-in attempts, but they cannot succeed without the correct approval.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.