Forum Discussion

AT1's avatar
AT1
Copper Contributor
Jan 20, 2026

Microsoft Authenticator help

keep getting Microsoft Authenticator attempts on my Hotmail account every 15 mins or so from an overseas location that im not aware of. I have changed my password, however im still getting attempts. ...
Lucaraheller's avatar
Lucaraheller
MCT
Apr 16, 2026

Hi AT1​ ,

What you are describing usually means someone already knows your email address and is repeatedly trying to sign in, but they are being stopped by Microsoft Authenticator because they do not have the second factor.

The good news is that if you did not approve the request, they did not successfully sign in.

The reason it may not appear clearly in sign-in history can be:

  • Some failed MFA prompts do not always show the way users expect in the consumer account portal
    • Attempts may be blocked very early in the process
    • Risk systems may suppress some noise events
    • Consumer Hotmail account logs are not as detailed as enterprise Entra ID logs

Most important action right now:

Do not keep simply denying forever. Strengthen the account so the prompts stop.

Recommended steps:

  1. Change password again to a strong unique password

Use a password never used anywhere else.

  1. Enable passwordless or number matching in Microsoft Authenticator

This reduces accidental approvals.

  1. Sign out everywhere

Go to Microsoft account security settings and sign out of all sessions.

  1. Remove unknown trusted devices

Check your security page for recognized devices and remove anything unfamiliar.

  1. Check forwarding rules and recovery info

Verify backup email, phone number, aliases, and any mail forwarding settings.

  1. Add or review account aliases

If attackers keep targeting the Hotmail address, using a separate sign-in alias can help.

  1. Never approve any prompt you did not initiate

Even once.

Important note:

If prompts continue every 15 minutes after password change, it may simply be an attacker repeatedly trying old credentials or using a password spray attempt.

Short answer:

This does not necessarily mean they are inside your account. It more commonly means MFA is successfully blocking them.

If you want to stop the spam prompts completely, the best next move is usually changing the sign-in alias plus reviewing all security methods.

You are doing the right thing by denying every request.