Forum Discussion

AT1's avatar
AT1
Copper Contributor
Jan 20, 2026

Microsoft Authenticator help

keep getting Microsoft Authenticator attempts on my Hotmail account every 15 mins or so from an overseas location that im not aware of. I have changed my password, however im still getting attempts. I deny the request every time, and when i look at security section under my account > view my sign-in activity. it doesn't appear here .

2 Replies

  • Lucaraheller's avatar
    Lucaraheller
    MCT
    Apr 16, 2026

    Hi AT1​ ,

    What you are describing usually means someone already knows your email address and is repeatedly trying to sign in, but they are being stopped by Microsoft Authenticator because they do not have the second factor.

    The good news is that if you did not approve the request, they did not successfully sign in.

    The reason it may not appear clearly in sign-in history can be:

    • Some failed MFA prompts do not always show the way users expect in the consumer account portal
      • Attempts may be blocked very early in the process
      • Risk systems may suppress some noise events
      • Consumer Hotmail account logs are not as detailed as enterprise Entra ID logs

    Most important action right now:

    Do not keep simply denying forever. Strengthen the account so the prompts stop.

    Recommended steps:

    1. Change password again to a strong unique password

    Use a password never used anywhere else.

    1. Enable passwordless or number matching in Microsoft Authenticator

    This reduces accidental approvals.

    1. Sign out everywhere

    Go to Microsoft account security settings and sign out of all sessions.

    1. Remove unknown trusted devices

    Check your security page for recognized devices and remove anything unfamiliar.

    1. Check forwarding rules and recovery info

    Verify backup email, phone number, aliases, and any mail forwarding settings.

    1. Add or review account aliases

    If attackers keep targeting the Hotmail address, using a separate sign-in alias can help.

    1. Never approve any prompt you did not initiate

    Even once.

    Important note:

    If prompts continue every 15 minutes after password change, it may simply be an attacker repeatedly trying old credentials or using a password spray attempt.

    Short answer:

    This does not necessarily mean they are inside your account. It more commonly means MFA is successfully blocking them.

    If you want to stop the spam prompts completely, the best next move is usually changing the sign-in alias plus reviewing all security methods.

    You are doing the right thing by denying every request.

  • Uhuru's avatar
    Uhuru
    Copper Contributor
    Jan 25, 2026

    Have you tried blocking also reporting as a potential spam or fraudulent activity?