Don't freak out, follow these steps
If you’re reading this, you probably received an email claiming there’s “Unusual sign-in activity” on your Microsoft Account. The message makes it clear what it’s all about. But is it legit? Is your Microsoft Account compromised?
Reasons Why You Get the “Unusual Sign-in Activity” Email
If you’re a Microsoft Account user, then the chances are good that you’ll receive an “Unusual sign-in activity” message to your email account sooner or later. It’s a security alert that warns of a potentially unauthorized attempt to access your account. It could be due to:
- Someone trying to guess your password: If someone repeatedly enters the wrong password for your account, Microsoft will flag the activity as suspicious and notify you about it.
- Someone trying to access your account from a new device or location: If someone tries to sign into your account from an unusual device or location, you will receive an email.
- Someone trying to use your account to reset a password or recover an email address: If someone tries to reset your password or recover an email address associated with your account, Microsoft will inform you about it.
- Microsoft detecting other forms of suspicious activity: Microsoft uses various security protocols to identify sign-in attempts that originate from brute force attacks, phishing emails, and malware. Expect an email if that happens.
It is important to note that just because you receive this email, it does not necessarily mean that someone has attempted to enter your account. Most likely, it’s because of your own activity—you entered your password incorrectly or signed into a desktop or mobile device for the first time.
Regardless, it is always a good idea to verify the authenticity of the email, check your account activity, and change your password if you believe your account may have been compromised.
Check the “Unusual Sign-in Activity” Email for Authenticity
When you receive an email claiming there’s an unusual sign-in attempt, you must determine if it’s a legitimate Microsoft email because you could be the target of a phishing attack.
Check the email address of the sender—if it’s from account-security-noreply@accountprotection.microsoft.com, the email isn’t fake. If it reads something else, just move it into your spam email folder.
Note: Depending on the mail client you use, you might have to select the sender’s name—Microsoft account team/Microsoft team—to unhide the email address.
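A scripted version of the sender check above, added here as an example and not part of the original article. It goes one step further than the article: because the displayed From address can be forged, it also requires a DMARC pass recorded by your own mail server. The function names, the `mx.example.net` authserv-id and the sample headers are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

EXPECTED = "account-security-noreply@accountprotection.microsoft.com"  # address given in the article
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own mail provider

def from_address(msg):
    """Return the addr-spec of a single-address From header, ignoring the display name."""
    hdr = msg["From"]
    addrs = hdr.addresses if hdr is not None else ()
    return addrs[0].addr_spec.lower() if len(addrs) == 1 else ""

def dmarc_passed(msg, domain):
    """True only if a header stamped by our own server reports dmarc=pass for domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not written by our server, so the sender could have injected it
        m = re.search(r"\bdmarc=pass\b[^;]*?\bheader\.from=([\w.-]+)", results, re.I)
        if m and m.group(1).lower() == domain:
            return True
    return False

def classify(raw):
    msg = message_from_string(raw, policy=policy.default)
    addr = from_address(msg)
    if addr != EXPECTED:
        return "sender-mismatch"      # wrong or look-alike address
    if not dmarc_passed(msg, addr.split("@")[1]):
        return "unauthenticated"      # right address shown, but not verified
    return "consistent"

# Constructed sample headers (not real captured mail).
def sample(from_hdr, *auth):
    lines = ["From: " + from_hdr] + ["Authentication-Results: " + a for a in auth]
    return "\n".join(lines) + "\nSubject: Unusual sign-in activity\n\nbody\n"

MS = "accountprotection.microsoft.com"
GENUINE = sample(f"Microsoft account team <{EXPECTED}>",
                 f"mx.example.net; spf=pass smtp.mailfrom={MS}; dmarc=pass header.from={MS}")
DISPLAY_TRICK = sample(f'"{EXPECTED}" <alerts@example.test>')
LOOKALIKE = sample(f"Microsoft account team <{EXPECTED}.example.test>")
FORGED = sample(f"Microsoft account team <{EXPECTED}>",
                f"mx.example.net; spf=fail; dmarc=fail header.from={MS}",
                f"sender.example.test; dmarc=pass header.from={MS}")

if __name__ == "__main__":
    for name in ("GENUINE", "DISPLAY_TRICK", "LOOKALIKE", "FORGED"):
        print(name, classify(globals()[name]))
```

To use it on a real message, save the email as an .eml file, pass its text to `classify()`, and set `TRUSTED_AUTHSERV` to the authserv-id your provider writes at the start of its Authentication-Results header.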
The email contains a Review recent activity button that, when you select it, automatically opens your web browser, where you can sign in and check your activity for additional information.
However, it’s best to avoid clicking it and log in to your Microsoft Account by manually loading the URL https://account.microsoft.com/activity through your web browser. That rules out all chances of you clicking on a malicious link.
What You Should Do to Secure Your Account
After signing into your Microsoft Account, select the Security tab and choose to View my activity under the Sign-in activity section. On the Recent Activity page that shows up, you’ll then see a list of login attempts.
Expand each recent sign-in to reveal additional details, such as the operating system of the device used in the attempt (Windows, macOS, etc.), the browser or app (Chrome, Outlook, etc.), and the IP address and location. You’ll also see if the attempt was successful or not.
If you notice a suspicious login attempt, then you must immediately select the Secure your account option and follow the onscreen instructions to change the account password and beef up other areas of security.
You’ll be asked to verify your identity—e.g., via an SMS security code to your registered phone number—before you can proceed.
If you haven’t already, we strongly recommend you add two-factor authentication (2FA) or switch to a passwordless account to keep your account safe.
Visit the Security section of your Microsoft Account and select Get started under Advanced security options. You’ll find options to activate 2FA and remove your Microsoft user account password under the Additional security section.
Can You Recover a Hacked or Locked Account?
If you can’t log into your Microsoft Account, it’s likely that someone successfully accessed it and changed your password. It could also be that Microsoft locked down the account for your security.
To deal with that, Microsoft provides an interactive account recovery tool that you can work through. Select the nature of the problem, verify your identity, and follow the on-screen recovery instructions to regain access.
Keep Your Microsoft Account Protected
As you just learned, the “Unusual sign-in activity” message for your Microsoft Account is a security notification that you should not dismiss. First, rule out the possibility that it’s a fake email from a phishing scam. Then, review the sign-in attempt and take action if you notice anything suspicious. Use strong passwords and change them regularly.
Again, make sure to activate two-factor authentication for your Microsoft Account; that alone can drastically reduce the chances of a would-be hacker breaching your account. Additionally, consider switching to a passwordless login for even better security.