Frequent Microsoft Authenticator prompts that are not initiated by the account owner usually mean someone (or something) is repeatedly trying to sign in.
Do not approve any prompts that were not initiated.
Then take these steps:
- Change the account password immediately
  - Go to the account’s security page and reset the password to a strong, unique one.
  - This helps stop ongoing sign‑in attempts that are using a known or leaked password.
- Strengthen sign‑in with safer methods
  - Use Microsoft Authenticator number matching and location prompts where available.
  - Consider moving to passwordless sign‑in (for example, Microsoft Authenticator, Windows Hello, FIDO2 security keys) so that a password is not the primary factor being attacked. See Go passwordless.
- Review and adjust verification methods
  - Make sure only trusted phone numbers, emails, and devices are configured as security info.
  - Remove any methods that are no longer controlled (old phone numbers, unused email addresses, lost devices).
- Monitor and secure devices
  - Ensure devices used for Authenticator are not jailbroken/rooted and are fully updated.
  - Keep other security apps (for example, Microsoft Defender, Intune Company Portal) updated and ensure device date/time are correct.
- If verification codes or prompts arrive that were not requested
  - Treat them as a sign that someone is trying to access the account.
  - Do not respond to or use any code that was not requested.
  - After changing the password and securing methods, consider going passwordless to reduce these events.
If this is a work or school account and the prompts continue, contact the organization’s help desk or IT admin so they can review sign‑in logs, enforce stronger MFA policies, and help reset authentication methods if needed.
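For the help desk side of that log review, the following added example (not Microsoft's code and not part of the original answer) flags accounts that received a burst of unapproved MFA prompts in a short window, and marks the case where an approval follows the burst. The record layout, the `denied`/`timeout`/`approved` result values, the window and the threshold are all assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source IP, MFA result).
# The layout and result values are assumptions, not a real sign-in log schema.
SAMPLE_EVENTS = [
    ("2024-05-01T02:00:05", "alice@example.com", "203.0.113.7", "denied"),
    ("2024-05-01T02:01:10", "alice@example.com", "203.0.113.7", "timeout"),
    ("2024-05-01T02:02:30", "alice@example.com", "198.51.100.9", "denied"),
    ("2024-05-01T02:04:00", "alice@example.com", "203.0.113.7", "denied"),
    ("2024-05-01T02:05:45", "alice@example.com", "198.51.100.9", "timeout"),
    ("2024-05-01T02:06:20", "alice@example.com", "203.0.113.7", "approved"),
    ("2024-05-01T09:00:00", "bob@example.com", "192.0.2.10", "timeout"),
    ("2024-05-01T09:00:40", "bob@example.com", "192.0.2.10", "approved"),
    ("2024-05-01T10:00:00", "carol@example.com", "192.0.2.44", "denied"),
    ("2024-05-01T10:20:00", "carol@example.com", "192.0.2.44", "denied"),
    ("2024-05-01T10:40:00", "carol@example.com", "192.0.2.44", "denied"),
    ("2024-05-01T11:00:00", "carol@example.com", "192.0.2.44", "denied"),
]

def find_prompt_bursts(events, window=timedelta(minutes=10), threshold=4):
    """Return {user: alert} for users with >= threshold unapproved prompts in window."""
    recent = defaultdict(deque)   # per-user sliding window of (time, ip)
    alerts = {}
    for ts, user, ip, result in sorted(events):   # ISO timestamps sort correctly
        when = datetime.fromisoformat(ts)
        prompts = recent[user]
        if result == "approved":
            # An approval right after a burst is the case to escalate first.
            alert = alerts.get(user)
            if alert and when - alert["last_prompt"] <= window:
                alert["approved_after_burst"] = True
            prompts.clear()
            continue
        prompts.append((when, ip))
        while when - prompts[0][0] > window:      # drop prompts older than window
            prompts.popleft()
        if len(prompts) >= threshold:
            alert = alerts.setdefault(
                user, {"count": 0, "source_ips": set(), "approved_after_burst": False})
            alert["count"] = max(alert["count"], len(prompts))
            alert["source_ips"] |= {src for _, src in prompts}
            alert["last_prompt"] = when
    return alerts

if __name__ == "__main__":
    for user, alert in find_prompt_bursts(SAMPLE_EVENTS).items():
        print(user, alert["count"], sorted(alert["source_ips"]),
              "APPROVED AFTER BURST" if alert["approved_after_burst"] else "")
```

An account flagged with an approval after the burst should be handled as a likely compromise: revoke its sessions and reset its authentication methods, not just the password.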